vulnerability bulletin 11103
Trend Micro InterScan Web Security Suite: privilege elevation
Synthesis of the vulnerability
A local attacker can use the patchCmd program of Trend Micro InterScan Web Security Suite to gain root privileges.
Impacted products: InterScan Web Security Suite.
Severity: 2/4.
Creation date: 27/10/2011.
Identifiers: BID-50380, VIGILANCE-VUL-11103.
Description of the vulnerability
The Trend Micro InterScan Web Security Suite product installs the /opt/trend/iwss/data/patch/bin/patchCmd tool, which is used to patch and unpatch (rollback) a program. The patchCmd tool is installed suid root.
This tool calls the "./PatchExe.sh" and "./RollbackExe.sh" shell scripts. However, these paths are relative, so the scripts are run from the current directory. If an attacker creates malicious programs with these names in the current directory and then runs patchCmd from there, they are executed with root privileges.
A local attacker can therefore use the patchCmd program of Trend Micro InterScan Web Security Suite, in order to gain root privileges.