CVE-2004-1149
CVSS7.2
发布时间 :2005-01-10 00:00:00
修订时间 :2008-09-10 15:29:19
NMCOPS    

[原文]Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.


[CNNVD]ComputerAssociates eTrustEZAntivirus 文件权限 本地权限提升(CNNVD-200501-143)

        eTrust EZ Antivirus是CA公司开发的反病毒软件。
        Computer Associates eTrust EZ Antivirus 7.0.0至7.0.4以及7.0.1.4版本存在本地权限提升漏洞。
        由于eTrust EZ Antivirus在安装时使用了不安全的文件权限权限设置不正确,本地用户可以用恶意程序替换某些关键文件(如VetMsg.exe),从而提升权限。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:ca:etrust_ez_antivirus:7.0.1.2Computer Associates eTrust EZ Antivirus 7.0.1.2
cpe:/a:ca:etrust_ez_antivirus:7.0.1Computer Associates eTrust EZ Antivirus 7.0.1
cpe:/a:ca:etrust_ez_antivirus:7.0.4Computer Associates eTrust EZ Antivirus 7.0.4
cpe:/a:ca:etrust_ez_antivirus:7.0.1.3Computer Associates eTrust EZ Antivirus 7.0.1.3
cpe:/a:ca:etrust_ez_antivirus:7.0.1.1Computer Associates eTrust EZ Antivirus 7.0.1.1
cpe:/a:ca:etrust_ez_antivirus:7.0.3Computer Associates eTrust EZ Antivirus 7.0.3
cpe:/a:ca:etrust_ez_antivirus:7.0.1.4Computer Associates eTrust EZ Antivirus 7.0.1.4
cpe:/a:ca:etrust_ez_antivirus:7.0.2Computer Associates eTrust EZ Antivirus 7.0.2
cpe:/a:ca:etrust_ez_antivirus:7.0.2.1Computer Associates eTrust EZ Antivirus 7.0.2.1
cpe:/a:ca:etrust_ez_antivirus:7.0Computer Associates eTrust EZ Antivirus 7.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1149
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1149
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-143
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/18502
(UNKNOWN)  XF  etrust-antivirus-insecure-permissions(18502)
http://www.idefense.com/application/poi/display?id=164
(UNKNOWN)  IDEFENSE  20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter
(UNKNOWN)  CONFIRM  http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter

- 漏洞信息

ComputerAssociates eTrustEZAntivirus 文件权限 本地权限提升
高危 配置错误
2005-01-10 00:00:00 2005-10-20 00:00:00
本地  
        eTrust EZ Antivirus是CA公司开发的反病毒软件。
        Computer Associates eTrust EZ Antivirus 7.0.0至7.0.4以及7.0.1.4版本存在本地权限提升漏洞。
        由于eTrust EZ Antivirus在安装时使用了不安全的文件权限权限设置不正确,本地用户可以用恶意程序替换某些关键文件(如VetMsg.exe),从而提升权限。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.ca.com/us/products/Product.aspx?ID=156

- 漏洞信息 (F35359)

iDEFENSE Security Advisory 2004-12-15.t (PacketStormID:F35359)
2004-12-30 00:00:00
iDefense Labs  idefense.com
advisory,local
CVE-2004-1149
[点击下载]

iDEFENSE Security Advisory 12.15.2004 - Local exploitation of an insecure permission vulnerability in Computer Associates eTrust EZ Antivirus allows attackers to escalate privileges or disable protection.

Computer Associates eTrust EZ Antivirus Insecure File Permission
Vulnerability

iDEFENSE Security Advisory 12.15.04
http://www.idefense.com/application/poi/display?id=164
December 15, 2004

I. BACKGROUND

Computer Associates eTrust EZ Antivirus is antivirus protection software 
for home and business use. It provides complete protection, detection 
and elimination of thousands of computer viruses, worms, and Trojan 
Horse programs.

II. DESCRIPTION

Local exploitation of an insecure permission vulnerability in Computer
Associates eTrust EZ Antivirus allows attackers to escalate privileges
or disable protection.

Computer Associates eTrust EZ Antivirus is a product used to protect a
personal computer from virus infections. The vulnerability specifically 
exists in the default file Access Control List (ACL) settings that are 
applied during installation. When an administrator installs eTrust EZ 
Antivirus, the default ACL allows any user to modify the installed 
files. Because of the fact that some of the programs run as system 
services, a user can simply replace an installed eTrust EZ Antivirus 
file with their own malicious code that will later be executed with 
system privileges. One such file that would be a target for this is 
VetMsg.exe.

III. ANALYSIS

Successful exploitation allows local attackers to escalate privileges to 
the system level. It is also possible to use this vulnerability to 
simply disable protection by moving all of the executable files so that 
they cannot start upon a reboot.

IV. DETECTION

iDEFENSE has confirmed the existence of this vulnerability in eTrust EZ 
Antivirus version 7.0.1.4. According to Computer Associates, eTrust EZ
Antivirus r7.0.0 - r7.0.4 installed on PC's running Windows NT, 2000 or
XP and with NTFS formatted drives are also affected.

V. WORKAROUND

Apply proper Access Control List settings to the directory that eTrust 
EZ Antivirus is installed in. The ACL rules should make sure that no 
regular users can modify files in the directory.

VI. VENDOR RESPONSE

"With the assistance of iDEFENSE, Computer Associates has identified a
medium-risk vulnerability in the installation and updating components of
eTrustTM EZ Antivirus which may allow a local user to escalate their
user privileges on a PC and disable protection.

Effected generally available releases of eTrust EZ Antivirus include:
eTrust EZ Antivirus r7.0.0 - r7.0.4 installed on PC's
    

- 漏洞信息

12407
CA eTrust EZ Anti-Virus VetMsg.exe Local Privilege Escalation
Local Access Required
Loss of Integrity

- 漏洞描述

- 时间线

2004-12-15 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 7.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Computer Associates eTrust EZ Antivirus Local Insecure Default Installation Vulnerability
Configuration Error 11971
No Yes
2004-12-16 12:00:00 2009-07-12 09:26:00
The individual or individuals responsible for disclosure of this issue is currently unknown; these issues were disclosed in the referenced iDEFENSE advisory.

- 受影响的程序版本

Computer Associates eTrust EZ Antivirus 7.0.4
Computer Associates eTrust EZ Antivirus 7.0.3
Computer Associates eTrust EZ Antivirus 7.0.2 .1
Computer Associates eTrust EZ Antivirus 7.0.2
Computer Associates eTrust EZ Antivirus 7.0.1 .4
Computer Associates eTrust EZ Antivirus 7.0.1 .3
Computer Associates eTrust EZ Antivirus 7.0.1 .2
Computer Associates eTrust EZ Antivirus 7.0.1 .1
Computer Associates eTrust EZ Antivirus 7.0.1
Computer Associates eTrust EZ Antivirus 7.0
Computer Associates eTrust EZ Antivirus 7.0.5

- 不受影响的程序版本

Computer Associates eTrust EZ Antivirus 7.0.5

- 漏洞讨论

A local insecure installation vulnerability affects eTrust EZ Antivirus. This issue is due to a failure of the application to properly secure files upon installation.

An attacker may leverage this issue to manipulate installed files, potentially allowing them to disable anti-virus protection or execute code with SYSTEM privileges.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

The vendor has resolved this issue in version 7.0.5 of the affected software. Users are advised to contact the vendor for details on obtaining the fixed packages.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站