CVE-2004-0831
CVSS 7.2
Published: 2004-09-14 00:00:00
Last revised: 2016-10-17 22:49:21

[Original] McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges.


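[CNNVD] McAfee VirusScan System Scan Local Privilege Escalation Vulnerability (CNNVD-200409-031)

McAfee VirusScan is a popular real-time virus protection application.
The System Scan feature of McAfee VirusScan does not correctly drop SYSTEM privileges; a local attacker can exploit this vulnerability to elevate privileges.
SYSTEM privileges are not correctly dropped when the "System Scan" properties are accessed from the system tray. After right-clicking the system tray icon, choosing "Properties", selecting "System Scan" and then, from the "Report" tab, selecting "Browse...", a file opened from there may execute with SYSTEM privileges.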

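- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]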

- CPE (Affected Platforms and Products)

cpe:/a:mcafee:virusscan:4.5.1  McAfee VirusScan 4.5.1
cpe:/a:mcafee:virusscan:4.5  McAfee VirusScan 4.5

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0831
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0831
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-031
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=109526269429728&w=2
(UNKNOWN)  BUGTRAQ  20040915 McAfee VirusScan Privilege Escalation Vulnerability [iDEFENSE]
http://www.idefense.com/application/poi/display?id=140&type=vulnerabilities
(VENDOR_ADVISORY)  IDEFENSE  20040914 McAfee VirusScan Privilege Escalation Vulnerability
http://xforce.iss.net/xforce/xfdb/17367
(VENDOR_ADVISORY)  XF  mcafee-virusscan-gain-privileges(17367)

- Vulnerability Information

McAfee VirusScan System Scan Local Privilege Escalation Vulnerability
High risk  Unknown
2004-09-14 00:00:00 2005-10-20 00:00:00
Local

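- Advisories and Patches

Vendor patch:
McAfee
------
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.mcafee-at-home.com/products/virusscan/default.asp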

- Vulnerability Information (F34362)

iDEFENSE Security Advisory 2004-09-14.t (PacketStormID:F34362)
2004-09-15 00:00:00
Ian Vitek,iDefense Labs  idefense.com
advisory,local
windows,2k,xp
CVE-2004-0831

iDEFENSE Security Advisory 09.14.04 - Local exploitation of a design error vulnerability in Networks Associates Technology Inc.'s McAfee VirusScan could allow attackers to obtain increased privileges. McAfee VirusScan version 4.5.1 running on Windows 2000 Professional and Windows XP Professional operating systems is vulnerable. It is suspected that McAfee VirusScan 4.5 is also vulnerable.

McAfee VirusScan Privilege Escalation Vulnerability

iDEFENSE Security Advisory 09.14.04:

*I. BACKGROUND*

McAfee VirusScan is a popular real-time virus protection application.
For more information see http://www.mcafee.com 

*II. DESCRIPTION*

Local exploitation of a design error vulnerability in Networks
Associates Technology Inc.'s McAfee VirusScan could allow attackers to
obtain increased privileges.

The problem specifically exists because SYSTEM privileges are not
dropped when accessing the "System Scan" properties from the System
Tray applet. The vulnerability can be exploited by right-clicking the
System Tray icon, choosing "Properties", selecting "System Scan",
then, from the "Report" tab, selecting "Browse...". The opened file
selected can be abused by navigating to C:\WINDOWS\SYSTEM32\,
right-clicking cmd.exe, then selecting "Open"; doing so spawns a
command shell with SYSTEM privileges.

*III. ANALYSIS*

Exploitation allows local users to obtain Local System privileges,
thereby providing them with complete control of the affected system.

*IV. DETECTION*

McAfee VirusScan version 4.5.1 running on Windows 2000 Professional
and Windows XP Professional operating systems is vulnerable. It is
suspected that McAfee VirusScan 4.5 is also vulnerable.

*V. WORKAROUND*

iDEFENSE is currently unaware of any workarounds for this issue.

*VI. VENDOR FIX*

The vendor does not appear to have provided a patch for this issue.
However, due to design changes in the GUI, this vulnerability does not
appear to exist in later versions of the product.

*VII. CVE INFORMATION*

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-0831 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

*VIII. DISCLOSURE TIMELINE*

08/12/2004   Initial vendor notification - no response
08/12/2004   iDEFENSE clients notified
09/02/2004   Secondary vendor notification - no response
09/14/2004   Public disclosure

*IX. CREDIT*

Ian Vitek is credited with this discovery.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

*X. LEGAL NOTICES*

Copyright     

- Vulnerability Information

9949
McAfee VirusScan System Scan Privilege Escalation
Local Access Required Authentication Management
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability Description

McAfee VirusScan contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the System Scan applet is used to access cmd.exe, which executes with local system privileges. This flaw may lead to a loss of confidentiality and integrity.

- Timeline

2004-09-14 2004-08-12
2004-09-14 Unknown

- Solution

Upgrade to version 7.0 or higher, as it has been reported to fix this vulnerability due to a complete change in the GUI. An upgrade is required as there are no known workarounds.
