| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 18 Apr 2006 20:12:59 -0000 From: Secure@...antec.com To: bugtraq@...urityfocus.com Subject: [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Symantec LiveUpdate for Macintosh Local Privilege Escalation Threat: Moderate Impact: Local Privilege Escalation Product: LiveUpdate for Macintosh Situation Overview: Some components of Symantecs LiveUpdate for Macintosh do not set their execution path environment. A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack. Full Advisory Availible at: http://www.symantec.com/avcenter/security/Content/2006.04.17b.html -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.5 (Build 5050) iQEVAwUBREU/MRy6+gFWHby+AQgmPAf/VyElOGm1g07qjSHtCNEZdVo7iwoolJxG kDYUMCX1xmHNjozySX8T6fzVoLYdfmNjNGlinG9FXQf7zJe3THCUWEWUZlZKEqYj Nei0Md43M78TNDsrHOHSLGCh+idc6GOWC80y4xMh/SDaUOVrOPGcorPRKRRiIQ6h nuI2I7HM0cJj5X5JwHH5wGVfoNYtrmCnc7Fhj4G22Evr9OOrjBzhEgPByJuyT7RU 6mRBJ8D3nv4dn0bHfOIMyO5xJvSBCXoIaY111ZLo6zmbZ/TsBh9PqJPiJpv5NJqz HCuiT6e47lmimgSUbSC7RQx2rx2ClxM7HFgKxLqYNPXj5Beg6fGn2A== =CzEJ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists