Default welcome msg!

Trend Micro InterScan Web Security Suite Local Privilege Escalation

Technical Details

SKU EH-12-935
References

http://buguroo.com/adv/BSA-2011-002.txt

BID:50380

Metasploit Filepath post/linux/escalate/trendmicro_iwss_rollbackexe.rb
Targets Trend Micro InterScaWeb Security Suite 3.1
Platform linux
Hashes No
Author Mario Ceballos (mario)
Version $Revision: 206 $
License ExploitHub
Disclosure Date Oct 25, 2011
Validation Status Unvalidated - Sanity Checked
Validation Report 5
Validation Score No
Date Validated No
Validation Queue Position No
Supplementary Data No

Quick Overview

This module abuses a privilege escalation vulnerability in Trend Micro InterScaWeb Security Suite 3.1. The binary "patchCmd" has sticky permissions for the "setuid" and "setgid" with the user root. An unprivileged user can abuse this issue and execute arbitrary commands as root. NOTE: This module has been tested on CentOS4.4.
$50.00

Details

This module abuses a privilege escalation vulnerability in Trend Micro InterScaWeb Security Suite 3.1. The binary "patchCmd" has sticky permissions for the "setuid" and "setgid" with the user root. An unprivileged user can abuse this issue and execute arbitrary commands as root. NOTE: This module has been tested on CentOS4.4.

Product Tags

Use spaces to separate tags. Use single quotes (') for phrases.

Write Your Own Review

You're reviewing: Trend Micro InterScan Web Security Suite Local Privilege Escalation

How do you rate this product? *

  1 star 2 stars 3 stars 4 stars 5 stars
Quality
Price
Value

Customer Reviews

No reviews.