vulnerability bulletin 11103
Trend Micro InterScan Web Security Suite: privilege elevation
Synthesis of the vulnerability
A local attacker can use the patchCmd program of Trendmicro InterScan Web Security Suite, in order to gain root privileges.Impacted products:
InterScan Web Security Suite.
Description of the vulnerability
The Trend Micro InterScan Web Security Suite product installs the /opt/trend/iwss/data/patch/bin/patchCmd tool, which is used to patch and unpatch (roolback) a program. The patchCmd tool is installed suid root.
This tool calls the "./PatchExe.sh" and "./RollbackExe.sh" shell scripts. However, these scripts are run from the current directory. If the attacker created a malicious program with these names, and located in the current directory, they are thus executed with root privileges.
A local attacker can therefore use the patchCmd program of Trend Micro InterScan Web Security Suite, in order to gain root privileges.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides an application vulnerability watch
. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The technology watch team tracks security threats targeting the computer system.