| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <web-78801084@bk2.webmaillogin.com> Date: Sat, 04 Aug 2007 18:49:39 -0400 From: <edi.strosar@...nostne-novice.com> To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk> Subject: Panda Antivirus EoP (BID 25186) Hello list, regarding BID 25186 (disclosed by tarkus) http://www.securityfocus.com/bid/25186/ we discovered that Panda Antivirus 2007 is also vulnerable to insecure file permission issue. Least privileged users could elevate their privileges to Local System by renaming and replacing any of the following files within Panda installation directory: pavsrv51.exe (Panda AV Service) psimsvc.exe (Panda IManager Service) psctrls.exe (Panda Software Controller) Sincerelly, Edi Strosar (Team Intell) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists