Today's bugtraq post

Discussion in 'NOD32 version 2 Forum' started by stevenestrada, Apr 5, 2006.

Thread Status:
Not open for further replies.
  1. stevenestrada

    stevenestrada Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    43
    Please refer to version printouts and bugtraq post below.

    Why hasn't ESET initiated a customer contact regarding this, why hasn't the patch been pushed with normal updates, is nod32 for unix affected, and what needs to be done to get a system patched now?

    ----------------------------------------------------------------

    NOD32 antivirus system information
    Virus signature database version: 1.1471 (20060404)
    Dated: Tuesday, April 04, 2006
    Virus signature database build: 7013

    Information on other scanner support parts
    Advanced heuristics module version: 1.028 (20060324)
    Advanced heuristics module build: 1107
    Internet filter version: 1.002 (20040708)
    Internet filter build: 1013
    Archive support module version: 1.040 (20051222)
    Archive support module build version: 1142

    Information about installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.50.25
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.50.25
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.50.25

    Operating system information
    Platform: Windows XP
    Version: 5.1.2600 Service Pack 2
    Version of common control components: 5.82.2900
    RAM: 1023 MB
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz (2992 MHz)

    ------------------------------------------------------------------

    NOD32 Update Mirror Creator, Version 2.09,
    (C) 2004 Eset, s.r.o.
    Update started on 04-05-2006, 04:22:16.
    Checking remote update packages at 'www.nod32.com'... ok / 2k (100%)
    Checking local update packages in '/var/opt/eset/nod32/lib/mirror/'... ok (17 nups found).
    Local copy is up to date.
    Update finished at 04:22:17, total time: 1 sec (00:00:01).

    NOD32 Antivirus System Update, Version 2.01,
    (C) 2004 Eset, spol. s r.o.

    Installed version:
    Virus signature database version: 1.1471 (20060404)
    Virus signature database build: 7013

    Update launched: Wed Apr 5 04:22:17 2006

    +-+-------------------------------+---------------------+---------------------+
    | | Module                        | Available version   | Installed version   |
    +-+-------------------------------+---------------------+---------------------+
    | | Virus signature database      | 1.1471 (7013)       | 1.1471 (7013)       |
    | | pwscan                        | 1.001 (1012)        | 1.001 (1012)        |
    | | utilmod                       | 1.009 (1067)        | 1.009 (1067)        |
    | | Archive support               | 1.040 (1142)        | 1.040 (1142)        |
    | | charon                        | 1.005 (1040)        | 1.005 (1040)        |
    | | Advanced heuristics           | 1.028 (1107)        | 1.028 (1107)        |
    +-+-------------------------------+---------------------+---------------------+

    Return code 1:
    Your NOD32 Antivirus System is already up-to-date

    ----------------------------------------------------------------------------------------------

    Date: 4 Apr 2006 19:27:20 -0000
    X-Mailer: MIME-tools 5.411 (Entity 5.404)
    From: visitbipin@hotmail.com
    To: bugtraq@securityfocus.com
    Subject: NOD32 local privilege escalation vulnerability

    NOD32 local privilege escalation vulnerability

    Not affected: > Version 2.51.26
    Tested on: Winxp sp2
    Risk: Average

    To escalate the system privilege, the option 'quarantine a file' in NOD32 can be exploited & a malicious file can be copied to the quarantine and using the 'restore to...' option it can be dropped to the directory in which the SYSTEM user just had read-only permission.

    Note: from lower privilege, this trick can write a file to any directory in which the user has read-only access to but can't overwrite a file if the file-name already exists.

    Vendor Website: www.eset.com
    Vendor reported: Mar 24, 2006
    Patch release: Apr 4, 2006 (Version 2.51.26)

    POC video & detail description: http://bipin.securityhead.com/NOD32.zip

    --

    Bipin Gautam
    http://bipin.tk
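The printouts above show the practical trap in this thread: the mirror and the updater both report "up to date" because the signature database is current, while the installed program components are still 2.50.25, below the 2.51.26 release the advisory names as patched. Signature updates and program-component versions are tracked separately, so "already up-to-date" says nothing about whether this fix is applied. The following is an added example, not code from the thread or from ESET: it parses the "Information about installed components" block as pasted here (the sample text is copied from the post) and flags every component whose version is numerically below the patched release. Versions are compared as integer tuples rather than strings, because a lexical comparison gets cases like 2.9 versus 2.10 wrong; the component names and block layout are taken from the printout in the post, and the patched version is the one stated in the bugtraq post.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the "Information about installed components" block as
# pasted in the thread (values copied from the post; layout as the NOD32 v2
# system-information dialog printed it).
SAMPLE_PRINTOUT = """\
Information about installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.50.25
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.50.25
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.50.25
"""

# Patched release named in the bugtraq post ("Patch release: Apr 4, 2006 (Version 2.51.26)").
PATCHED_VERSION = "2.51.26"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.50.25' into (2, 50, 25) so comparisons are numeric, not lexical."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def parse_components(printout: str) -> Dict[str, Tuple[int, ...]]:
    """Map each 'NOD32 ...' component line to the version on the line that follows it."""
    components: Dict[str, Tuple[int, ...]] = {}
    current = None
    for raw in printout.splitlines():
        line = raw.strip()
        match = re.match(r"Version:\s*([\d.]+)$", line)
        if match and current:
            components[current] = parse_version(match.group(1))
            current = None
        elif line.startswith("NOD32 "):
            # Both "NOD32 For ..." and "NOD32 for ..." spellings appear in the printout.
            current = line
    return components


def outdated_components(printout: str, patched: str = PATCHED_VERSION) -> List[str]:
    """Names of components whose installed version is older than the patched release."""
    target = parse_version(patched)
    return [name for name, version in parse_components(printout).items() if version < target]


if __name__ == "__main__":
    # Signature database being current is irrelevant here; only program
    # component versions tell you whether the fix from the advisory is present.
    for name in outdated_components(SAMPLE_PRINTOUT):
        print(f"needs program update (< {PATCHED_VERSION}): {name}")
```

Run against the thread's own printout this lists all three components, which is the answer to the original poster's question: the signature mirror cannot deliver this fix, the program components themselves have to be upgraded.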
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    This exploit requires either a deliberately malicious or stupid user. My question is - why would you let either use your PC to take advantage of this?

    Of course if I have any concern then I hope that it will be resolved. My other question is - do I have any concern?
    You, I and everybody else have far easier means available to elevate privileges than this :)

    Cheers :)

    afterthought...
    If, as a good administrator should, you set a password to protect your NOD32 settings, then who else can otherwise take advantage of this?
     
    Last edited: Apr 6, 2006