TITLE:
NOD32 Privilege Escalation Vulnerabilities
SECUNIA ADVISORY ID:
SA19054
VERIFY ADVISORY:
http://secunia.c
om/advisories/19054/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
NOD32 for Windows NT/2000/XP/2003 2.x
http://secunia.com/p
roduct/1066/
DESCRIPTION:
Two vulnerabilities have been reported in NOD32, which can
be
exploited by malicious, local users to gain escalated
privileges.
1) The NOD32 GUI (nod32.exe) runs with SYSTEM privileges
when a
scheduled on-demand scan is being run by the scheduler. This
can be
exploited to invoke cmd.exe with SYSTEM privileges when a
scheduled
scan is running.
The vulnerability has been confirmed in version 2.5 for
WinNT/2k/XP/2003 (nod32krn.exe/nod32.exe 2.51.20.0). Other
versions
may also be affected.
2) The program doesn't drop its SYSTEM privileges before
allowing a
user to use the "Restore to..." feature to
restore a
quarantined
file. This can be exploited to write a file to an arbitrary
directory
with SYSTEM privileges if a file with the given filename
doesn't
already exist.
SOLUTION:
Update to version 2.51.26 or later.
ORIGINAL ADVISORY:
Secunia Research:
http://s
ecunia.com/secunia_research/2006-17/
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|