Lucene search

MitreCVE-2007-5829

HistoryNov 05, 2007 - 7:46 p.m.

CVE-2007-5829

2007-11-0519:46:00

CWE-264

mitre

web.nvd.nist.gov

symantec

antivirus

macintosh

vulnerability

root privileges

local admin

nvd

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

19.8%

JSON

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the “Show Progress During Mount Scans” option is enabled.

Affected configurations

Nvd

Node

symantecnorton_antivirusMatch9.0macintosh

symantecnorton_antivirusMatch9.0.1macintosh

symantecnorton_antivirusMatch9.0.2macintosh

symantecnorton_antivirusMatch9.0.3macintosh

symantecnorton_antivirusMatch10.0macintosh

symantecnorton_antivirusMatch10.1macintosh

symantecnorton_internet_securityMatch3.0macintosh

VendorProductVersionCPE
symantecnorton_antivirus9.0cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh:*:*:*:*:*
symantecnorton_antivirus9.0.1cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*
symantecnorton_antivirus9.0.2cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*
symantecnorton_antivirus9.0.3cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*
symantecnorton_antivirus10.0cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*
symantecnorton_antivirus10.1cpe:2.3:a:symantec:norton_antivirus:10.1:*:macintosh:*:*:*:*:*
symantecnorton_internet_security3.0cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	norton_antivirus	9.0	cpe:2.3:a:symantec:norton_antivirus:9.0::macintosh:::::
symantec	norton_antivirus	9.0.1	cpe:2.3:a:symantec:norton_antivirus:9.0.1::macintosh:::::
symantec	norton_antivirus	9.0.2	cpe:2.3:a:symantec:norton_antivirus:9.0.2::macintosh:::::
symantec	norton_antivirus	9.0.3	cpe:2.3:a:symantec:norton_antivirus:9.0.3::macintosh:::::
symantec	norton_antivirus	10.0	cpe:2.3:a:symantec:norton_antivirus:10.0::macintosh:::::
symantec	norton_antivirus	10.1	cpe:2.3:a:symantec:norton_antivirus:10.1::macintosh:::::
symantec	norton_internet_security	3.0	cpe:2.3:a:symantec:norton_internet_security:3.0::macintosh:::::

References

osvdb.org/40864

secunia.com/advisories/27488

securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html

securitytracker.com/id?1018889

securitytracker.com/id?1018890

www.securityfocus.com/bid/26253

www.vupen.com/english/advisories/2007/3698

exchange.xforce.ibmcloud.com/vulnerabilities/38229

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

19.8%

JSON

Related for CVE-2007-5829