Date Disclosed:
10/25/2011
Date Patched:
Patch Not Yet Available
Vendor:
Trend Micro
Affected Software:
Trend Micro InterScan Web Security Suite for Linux and Solaris 3.1 and prior
Description:
The Trend Micro InterScan Web Security Suite (IWSS) will run scripts titled either "PatchExe.sh" or "RollbackExe.sh" out of the current directory with root privileges regardless of the privileges with which the IWSS was initially launched with. Successful exploitation would give an attacker root level access to the target machine.
Severity:
High
Code Execution:
Yes
Impact:
Local Elevation of Privilege to root privileges
This local vulnerability allows an attacker with file write privileges to run arbitrary scripts under the context of system root.
Mitigation:
No mitigation has been provided.
Protection:
Links:
Status:
10.25.2011 - Public Information Released
Không có nhận xét nào:
Đăng nhận xét