The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Trend Micro InterScan Web Security Suite: privilege elevation

Synthesis of the vulnerability 

A local attacker can use the patchCmd program of Trend Micro InterScan Web Security Suite in order to gain root privileges.
Impacted products: InterScan Web Security Suite.
Severity of this bulletin: 2/4.
Creation date: 27/10/2011.
References of this threat: BID-50380, VIGILANCE-VUL-11103.

Description of the vulnerability 

The Trend Micro InterScan Web Security Suite product installs the /opt/trend/iwss/data/patch/bin/patchCmd tool, which is used to patch and unpatch (rollback) a program. The patchCmd tool is installed suid root.

This tool calls the "./PatchExe.sh" and "./RollbackExe.sh" shell scripts. However, these paths are relative, so the scripts are run from the current directory. If an attacker creates malicious programs with these names in the current directory, they are executed with root privileges.
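The defensive counterpart of the flaw described above, as an added example (not Trend Micro's code and not part of the original bulletin): a C routine that a privileged program could use to locate a helper script by absolute path, accepting it only when the script and its directory belong to a trusted user and are not writable by group or others. The names resolve_helper and is_locked_down, the owner parameter, and the assumption that the scripts sit in the same directory as patchCmd are illustrative.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not vendor code: returns 1 if st describes an object
 * owned by `owner` that group and others cannot write to. */
static int is_locked_down(const struct stat *st, uid_t owner)
{
    return st->st_uid == owner && !(st->st_mode & (S_IWGRP | S_IWOTH));
}

/* Build the absolute path of helper `name` inside `install_dir` and accept
 * it only if a privileged caller can safely execute it.
 * Returns 0 and fills `out` on success, -1 on rejection. */
int resolve_helper(const char *install_dir, const char *name,
                   uid_t owner, char *out, size_t outlen)
{
    struct stat st;
    /* Never resolve relative to the caller-controlled working directory. */
    if (install_dir == NULL || install_dir[0] != '/')
        return -1;
    /* Bare file name only: rejects "./PatchExe.sh", "../x" and "/x". */
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", install_dir, name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    /* The directory must not let other users add or replace files. */
    if (stat(install_dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        !is_locked_down(&st, owner))
        return -1;
    /* lstat() so a symlink is rejected instead of followed. */
    if (lstat(out, &st) != 0 || !S_ISREG(st.st_mode) ||
        !is_locked_down(&st, owner))
        return -1;
    return 0;
}

int main(void)
{
    char path[4096];
    /* Assumed location: the page gives this directory for patchCmd only. */
    int rc = resolve_helper("/opt/trend/iwss/data/patch/bin", "PatchExe.sh",
                            0, path, sizeof path);
    printf("%s\n", rc == 0 ? path : "rejected");
    return 0;
}
```

A caller would then pass the returned absolute path to execve() with a fixed environment instead of invoking the script name through a shell.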

A local attacker can therefore use the patchCmd program of Trend Micro InterScan Web Security Suite, in order to gain root privileges.

This computer weakness announcement impacts software or systems such as InterScan Web Security Suite.

Our Vigil@nce team determined that the severity of this security alert is medium.

The trust level is "confirmed by the editor", with an origin of "user shell".

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with technician-level ability can exploit this vulnerability.

Solutions for this threat 

Full bulletin, software filtering, emails, fixes, ... (Request your free trial)
