Symlink Vulnerability in Symantec AntiVirus for Red Hat Linux
CVE-2004-0217

7HIGH

Key Information:

Vendor
Symantec
Status
Antivirus Scan Engine
Vendor
CVE Published:
15 April 2004

Summary

The LiveUpdate feature in the Symantec AntiVirus Scan Engine versions 4.0 and 4.3 for Red Hat Linux contains a vulnerability that allows local users to exploit symlink functionalities. By manipulating the /tmp/LiveUpdate.log file through a symlink attack, unauthorized users can create or append data to arbitrary files, potentially compromising system integrity and security.

References

http://www.securityfocus.com/bid/9662
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/15215
vdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=107694800908164&w=2
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.