Question/Issue:
A feature of Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh could be used by members of the group admin to execute code as the root user (uid 0) on the local system.
An executable used by the Mount Scan feature of Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh runs with root access. A member of group admin could replace this executable with code of their choice, and gain user root access.
Symptoms:
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
Cause:
The folder /Library/Application Support has group ownership admin (gid 80). The folder is also group-writable, so programs launched by users with admin privileges can rename folders with /Library/Application Support without explicitly alerting the user. This could potentially be used to spoof the Disk Mount scanner into launching an arbitrary executable when a disk is inserted.
Solution:
This vulnerability has been fixed in Symantec AntiVirus for Macintosh version 10.2, Norton AntiVirus for Macintosh 11.0, and later.
The following workarounds are only for customers still running older versions of Symantec AntiVirus for Macintosh or Norton AntiVirus for Macintosh:
Document ID: 2008021511052348
Last Modified: 04/07/2008
Date Created: 02/15/2008
Operating System(s): OS X 10.3.x, OS X 10.4.x, OS X 10.5.x
Product(s): Symantec AntiVirus for Macintosh 10.0
Release(s): Symantec AntiVirus for Macintosh 10.0, Symantec AntiVirus for Macintosh 10.1
Cart
PRINT THIS PAGE