Title: F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway halt_suid.cgi Local Privilege Escalation
Info
Disclosure: Nov 07, 2005
Discovery: Sep 29, 2005
Dates
Exploit: Unknown
Solution: Unknown
Description
F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named halt.cgi in the current working directory, and executes the SUID script halt_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.
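The lookup flaw described above, modelled as an added example (not F-Secure's code and not part of the original advisory): a helper resolved from the working directory beside one pinned to the install directory. The function names, the temporary directories and the harmless stand-in halt.cgi files are constructed for illustration.

```shell
#!/bin/sh
# Constructed model of the flaw class in the advisory; not F-Secure's code.
# halt.cgi here is a harmless stand-in that only prints a word.

# Flawed lookup: the helper is resolved relative to the caller's working
# directory, so whoever chooses the directory chooses the code.
run_relative() {
    ( cd "$1" && sh ./halt.cgi )
}

# Pinned lookup: resolve the helper from a fixed install directory and
# refuse symlinks and group/world-writable files.
pinned_helper() {
    helper="$1/halt.cgi"
    [ -f "$helper" ] && [ ! -L "$helper" ] || return 1
    mode=$(ls -ld "$helper" | cut -c1-10)   # e.g. -rwxr-xr-x
    case $mode in
        ?????w????|????????w?) return 1 ;;  # g+w or o+w
    esac
    printf '%s\n' "$helper"
}

# run_pinned WORKDIR INSTALL_DIR: the working directory no longer matters.
run_pinned() {
    ( cd "$1" || exit 1
      helper=$(pinned_helper "$2") || { echo "refused: unsafe helper" >&2; exit 1; }
      sh "$helper" )
}

# Demo with constructed directories (stand-ins for the cgi directory and
# for a directory controlled by an unprivileged user).
demo() {
    inst=$(mktemp -d) && work=$(mktemp -d) || return 1
    echo 'echo vendor'  > "$inst/halt.cgi"; chmod 755 "$inst/halt.cgi"
    echo 'echo planted' > "$work/halt.cgi"
    echo "relative lookup ran: $(run_relative "$work")"
    echo "pinned lookup ran:   $(run_pinned "$work" "$inst")"
    rm -rf "$inst" "$work"
}
demo
```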
Classification
Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
Solution
Upgrade F-Secure Anti-Virus Internet Gatekeeper for Linux to version 2.15.484 or higher. Upgrade F-Secure Anti-Virus Linux Gateway to version 2.16 or higher. These updates have been reported to fix this vulnerability.
It is also possible to correct the flaw with the following workaround, which removes the set-user-ID and set-group-ID bits from the affected CGI scripts:
For F-Secure Internet Gatekeeper for Linux:
"chmod -s /opt/f-secure/fsigk/cgi/*suid.cgi"
For F-Secure Anti-Virus Linux Gateway:
"chmod -s /home/virusgw/cgi/*suid.cgi"