CVE-2003-0994
CVSS 7.2
Published: 2004-02-03 00:00:00
Last revised: 2016-10-17 22:38:57

[Original] The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.


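[CNNVD] Symantec LiveUpdate local privilege escalation vulnerability (CNNVD-200402-002)

Symantec LiveUpdate is the program that many Symantec applications use for automatic updates.
Symantec LiveUpdate does not set up its interactive session securely, and a local attacker can exploit this vulnerability to escalate privileges.
After a non-privileged user logs on, a small window reading "there are Live Updates available, click here to run LiveUpdate" may appear in the Windows taskbar. If the user clicks it to run the online automatic update, LUALL.exe and LUCOMS~1.exe run in the context of the SYSTEM user. Clicking the Help button brings up the "LiveUpdate Help" window; choosing File and then Open and browsing to c:\windows\system32 then makes it possible to run cmd.exe with SYSTEM privileges.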

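- CVSS (base score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [can cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)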

cpe:/a:symantec:norton_system_works:2001
cpe:/a:symantec:norton_antivirus:v3.0::handhelds
cpe:/a:symantec:norton_system_works:2002
cpe:/a:symantec:norton_system_works:2004
cpe:/a:symantec:norton_antivirus:2.1::ms_exchange
cpe:/a:symantec:norton_antivirus:2001
cpe:/a:symantec:norton_antivirus:2001::pro
cpe:/a:symantec:norton_antivirus:2003::pro
cpe:/a:symantec:norton_antivirus:2002::pro
cpe:/a:symantec:norton_antivirus:2002
cpe:/a:symantec:norton_antivirus:2003
cpe:/a:symantec:norton_antivirus:2004::pro
cpe:/a:symantec:windows_liveupdate:1.70.x
cpe:/a:symantec:windows_liveupdate:1.90.x
cpe:/a:symantec:norton_internet_security:2002
cpe:/a:symantec:norton_internet_security:2003::pro
cpe:/a:symantec:norton_internet_security:2002::pro
cpe:/a:symantec:norton_internet_security:2003
cpe:/a:symantec:norton_system_works:2003
cpe:/a:symantec:norton_internet_security:2001
cpe:/a:symantec:norton_internet_security:2004::pro
cpe:/a:symantec:norton_internet_security:2001::pro
cpe:/a:symantec:norton_internet_security:2004

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0994
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0994
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-002
(official data source) CNNVD

- Other links and resources

http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
(UNKNOWN)  BUGTRAQ  20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
http://marc.info/?l=bugtraq&m=107393473928245&w=2
(UNKNOWN)  BUGTRAQ  20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
(UNKNOWN)  MISC  http://www.secnetops.biz/research/SRT2004-01-09-1022.txt

- Vulnerability information

Symantec LiveUpdate local privilege escalation vulnerability
High risk    Access validation error
2004-02-03 00:00:00 2006-09-28 00:00:00
Local
        

- Advisories and patches

Vendor patch:
Symantec
--------
The vendor has released an update that fixes this security issue; users can update through LiveUpdate.

http://www.symantec.com/

- Vulnerability information (F32501)

_SRT2004-01-09-1022.txt (PacketStormID:F32501)
2004-01-12 00:00:00
Kevin Finisterre  secnetops.com
advisory,local
CVE-2003-0994

Secure Network Operations Advisory SRT2004-01-09-1022 - Symantec LiveUpdate versions 1.70.x through 1.90.x have a vulnerability that allows local users to become SYSTEM. Products affected include Norton SystemWorks 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004, and Symantec AntiVirus for Handhelds v3.0.

Secure Network Operations, Inc.             http://www.secnetops.com/research
Strategic Reconnaissance Team               research[at]secnetops[.]com
Team Lead Contact                           kf[at]secnetops[.]com
Spam Contact				    `rm -rf /`@snosoft.com

Our Mission:
************************************************************************
Secure Network Operations offers expertise in Networking, Intrusion 
Detection Systems (IDS), Software Security Validation, and 
Corporate/Private Network Security. Our mission is to facilitate a 
secure and reliable Internet and inter-enterprise communications 
infrastructure through the products and services we offer. 

To learn more about our company, products and services or to request a 
demo of ANVIL FCS please visit our site at http://www.secnetops.com, or 
call us at: 978-263-3829


Quick Summary:
************************************************************************
Advisory Number         : SRT2004-01-09-1022
Product                 : Symantec LiveUpdate
Version                 : 1.70.x through 1.90.x
Vendor                  : http://symantec.com/techsupp/files/lu/lu.html
Class                   : Local
Criticality             : High (to users of the below listed products)
Products Affected	: Symantec LiveUpdate 1.70.x through 1.90.x
			: Norton SystemWorks 2001-2004
			: Norton AntiVirus (and Pro) 2001-2004
			: Norton Internet Security (and Pro) 2001-2004
			: Symantec AntiVirus for Handhelds v3.0
Operating System(s)     : Win32 


Notice
************************************************************************
The full technical details of this vulnerability can be found at:
http://www.secnetops.com under the research section. 


Basic Explanation
************************************************************************
High Level Description  : LiveUpdate allows local users to become SYSTEM
What to do              : run LiveUpdate and apply latest patches. 


Basic Technical Details
************************************************************************
Proof Of Concept Status : SNO has proof of concept. 

Low Level Description   : Symantec, the world leader in Internet security 
technology, provides a broad range of content and network security 
software and appliance solutions to individuals, enterprises and service 
providers. The company is a leading provider of client, gateway and server 
security solutions for virus protection, firewall and virtual private 
network, vulnerability management, intrusion detection, Internet content 
and email filtering, and remote management technologies and security 
services to enterprises and service providers around the world. Symantec's 
Norton brand of consumer security products is a leader in worldwide retail 
sales and industry awards. Headquartered in Cupertino, Calif., Symantec 
has worldwide operations in 36 countries.

Symantec's Norton Internet Security 2004 provides essential protection 
from viruses, hackers, and privacy threats. During an audit of NIS2004
we uncovered a local privilege escalation issue in LiveUpdate. This issue
is similar to the issues that were uncovered in the Windows Help API by 
both Brett Moore and our SRT team in late 2003.

Full details available at:
http://www.secnetops.biz/research/SRT2004-01-09-1022.txt and
http://www.secnetops.biz/research/SRT2004-01-09-1022.jpg

Vendor Status           : Symantec promptly attended to the issue and 
was very responsive during all phases of discovery / research and patching. 
Fixes are now available via LiveUpdate. 

Bugtraq URL             : To be assigned. CVE candidate CAN-2003-0994.

Disclaimer
----------------------------------------------------------------------
This advisory was released by Secure Network Operations,Inc. as a matter
of notification to help administrators protect their networks against
the described vulnerability. Exploit source code is no longer released
in our advisories but can be obtained under contract. Contact our sales 
department at sales[at]secnetops[.]com for further information on how to 
obtain proof of concept code.

----------------------------------------------------------------------
Secure Network Operations, Inc. || http://www.secnetops.com
"Embracing the future of technology, protecting you."


 
    

- Vulnerability information

3428
Symantec Automatic LiveUpdate Local Privilege Escalation
Local Access Required Attack Type Unknown
Loss of Integrity
Exploit Public

- Vulnerability description

Symantec LiveUpdate contains a flaw that allows a local user to obtain SYSTEM privileges. The issue occurs when an interactive LiveUpdate session is available and allows a non-privileged user to manipulate the GUI functionality to gain elevated privilege.

- Timeline

2004-01-13 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability credit

- Vulnerability information

Symantec LiveUpdate Local Privilege Escalation Vulnerability
Access Validation Error 9401
No Yes
2004-01-12 12:00:00 2009-07-12 12:56:00
Discovery credited to KF.

- Affected software versions

Symantec Norton SystemWorks 2004 Professional Edition
Symantec Norton SystemWorks 2004
Symantec Norton SystemWorks 2003 Professional Edition
Symantec Norton SystemWorks 2003
Symantec Norton SystemWorks 2002 Professional Edition
Symantec Norton SystemWorks 2002
Symantec Norton SystemWorks 2001 Professional Edition
Symantec Norton SystemWorks 2001
Symantec Norton Internet Security 2004 Professional Edition
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton Internet Security 2003 6.0.4 .34
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2002 Professional Edition 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton Internet Security 2002 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton Internet Security 2001 Professional Edition
Symantec Norton Internet Security 2001 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton AntiVirus 2004 Professional Edition
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2003 Professional Edition
Symantec Norton Antivirus 2003 0
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton AntiVirus 2002 Professional Edition
Symantec Norton AntiVirus 2002 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton AntiVirus 2001 Professional Edition
Symantec Norton AntiVirus 2001 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98 b
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 3.5.1 SP5
- Microsoft Windows NT 3.5.1 SP3
- Microsoft Windows NT 3.5.1 SP2
- Microsoft Windows NT 3.5.1 SP1
- Microsoft Windows NT 3.5.1
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
Symantec LiveUpdate 1.9
Symantec LiveUpdate 1.8
Symantec LiveUpdate 1.7
+ Symantec Norton AntiVirus 2001 0
+ Symantec Norton AntiVirus 2002 0
+ Symantec Norton AntiVirus Corporate Edition 7.6
Symantec AntiVirus for Handhelds 3.0 .0.194
Symantec AntiVirus for Handhelds 3.0
Symantec Norton AntiVirus Corporate Edition 7.6
Symantec LiveUpdate 2.0
Symantec Java LiveUpdate

- Unaffected software versions

Symantec Norton AntiVirus Corporate Edition 7.6
Symantec LiveUpdate 2.0
Symantec Java LiveUpdate

- Discussion

Symantec LiveUpdate has been reported prone to a local privilege escalation vulnerability. This issue presents itself when a LiveUpdate interactive session is created. The privileges of the process, if different from the user, are not lowered. This may allow a local attacker to employ the vulnerable LiveUpdate component to spawn arbitrary executables with the privileges of the LiveUpdate process.

- Exploit

An exploit has been developed by the researchers who discovered this vulnerability. This exploit is not believed to be publicly available.

- Solution

Symantec has made fixes to address this issue available over the LiveUpdate service. Customers who are potentially affected by this vulnerability are advised to run LiveUpdate as soon as possible. To update using LiveUpdate, customers should select the LiveUpdate option within their retail Symantec product and download and install all available updates. For customers who do not wish to use the LiveUpdate capability, fixes are linked below.


Symantec LiveUpdate 1.7

Symantec LiveUpdate 1.8

Symantec LiveUpdate 1.9

- Related references

 

 
