NOD32 Privilege Escalation Vulnerabilities

Discussion in 'news, general information and FAQs' started by NICK ADSL UK, Apr 7, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    NOD32 Privilege Escalation Vulnerabilities

    Secunia Advisory: SA19054
    Release Date: 2006-04-05


    Critical:
    Less critical
    Impact: Privilege escalation

    Where: Local system

    Solution Status: Vendor Patch

    Software: NOD32 for Windows NT/2000/XP/2003 2.x

    Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

    CVE reference: CVE-2006-0951

    Description:
    Two vulnerabilities have been reported in NOD32, which can be exploited by malicious, local users to gain escalated privileges.

    1) The NOD32 GUI (nod32.exe) runs with SYSTEM privileges when a scheduled on-demand scan is being run by the scheduler. This can be exploited to invoke cmd.exe with SYSTEM privileges when a scheduled scan is running.

    The vulnerability has been confirmed in version 2.5 for WinNT/2k/XP/2003 (nod32krn.exe/nod32.exe 2.51.20.0). Other versions may also be affected.

    2) The program doesn't drop its SYSTEM privileges before allowing a user to use the "Restore to..." feature to restore a quarantined file. This can be exploited to write a file to an arbitrary directory with SYSTEM privileges if a file with the given filename doesn't already exist.

    Solution:
    Update to version 2.51.26 or later.

    http://secunia.com/advisories/19054/
     
Thread Status:
Not open for further replies.