lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060418201259.27993.qmail@securityfocus.com>
Date: 18 Apr 2006 20:12:59 -0000
From: Secure@...antec.com
To: bugtraq@...urityfocus.com
Subject: [Symantec Security Advisory] LiveUpdate for Macintosh Local
 Privilege Escalation


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Title:   Symantec LiveUpdate for Macintosh Local Privilege Escalation
Threat:  Moderate
Impact: Local Privilege Escalation
Product: LiveUpdate for Macintosh

Situation Overview:

Some components of Symantecs LiveUpdate for Macintosh do not set their
execution path environment. A non-privileged user can change their
execution path environment. If the user then executes one of these
components, it will inherit the changed environment and use it to locate
system commands. These components are configured to run with System
Administrative privileges (SUID) and are vulnerable to a potential Trojan
horse attack.

Full Advisory Availible at:
http://www.symantec.com/avcenter/security/Content/2006.04.17b.html

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.5 (Build 5050)

iQEVAwUBREU/MRy6+gFWHby+AQgmPAf/VyElOGm1g07qjSHtCNEZdVo7iwoolJxG
kDYUMCX1xmHNjozySX8T6fzVoLYdfmNjNGlinG9FXQf7zJe3THCUWEWUZlZKEqYj
Nei0Md43M78TNDsrHOHSLGCh+idc6GOWC80y4xMh/SDaUOVrOPGcorPRKRRiIQ6h
nuI2I7HM0cJj5X5JwHH5wGVfoNYtrmCnc7Fhj4G22Evr9OOrjBzhEgPByJuyT7RU
6mRBJ8D3nv4dn0bHfOIMyO5xJvSBCXoIaY111ZLo6zmbZ/TsBh9PqJPiJpv5NJqz
HCuiT6e47lmimgSUbSC7RQx2rx2ClxM7HFgKxLqYNPXj5Beg6fGn2A==
=CzEJ
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ