McAfee VirusScan for Linux Lets Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1017385
|
|
SecurityTracker URL: http://securitytracker.com/id?1017385
|
|
CVE Reference: CVE-2006-6474
(Links to External Site)
|
Date: Dec 15 2006
|
Impact: User access via local system
|
Exploit Included: Yes
|
Description: A vulnerability was reported in McAfee VirusScan for Linux. A local user can obtain elevated privileges on the target system.
The software does not securely specify DT_RPATH, which includes the current working directory. A local user can cause the application
to load arbitrary ELF DSO libraries and execute arbitrary code with the privileges of the VirusScan application.
Jakub Moc of
Gentoo Linux discovered this vulnerability.
The original advisory is available at:
http://bugs.gentoo.org/show_bug.cgi?id=156989
|
Impact: A local user can obtain elevated privileges on the target system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.mcafee.com/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 15 Dec 2006 00:43:33 -0500
Subject: McAfee VirusScan for Linux
|
http://bugs.gentoo.org/show_bug.cgi?id=156989
CVE-2006-6474
|
|
