BeyondTrust

Security in Context: The BeyondTrust Blog


Trend Micro IWSS 3.1 privilege escalation

Disclosed October 25, 2011    Fully Patched

Vulnerability Description:

The Trend Micro InterScan Web Security Suite (IWSS) runs scripts named either “PatchExe.sh” or “RollbackExe.sh” from the current directory with root privileges, regardless of the privileges with which IWSS was initially launched. Successful exploitation would give an attacker root-level access to the target machine.

Vendors:

Trend Micro

Vulnerable Software/Devices:

Trend Micro InterScan Web Security Suite for Linux and Solaris 3.1 and prior

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Elevation of Privilege
This local vulnerability allows an attacker with file write privileges to run arbitrary scripts under the context of system root.
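
An audit for the condition described above, as an added example that is not part of this entry or of Trend Micro's code: it looks for files named PatchExe.sh or RollbackExe.sh that a non-root user owns, or could overwrite or replace. The function names and the TRUSTED_UID override are assumptions of this example; the directories to inspect are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the advisory or the vendor. Flags PatchExe.sh and
# RollbackExe.sh files that a non-root user owns or could overwrite or replace.
# TRUSTED_UID is an assumption of this example: it defaults to 0 (root) and is
# overridable only so the check can be exercised without root.
TRUSTED_UID="${TRUSTED_UID:-0}"

# Print one reason per line why path $1 is not root-controlled; nothing if it is.
write_risk() {
    # ls -ldn prints the mode string and the numeric owner on Linux and Solaris.
    ls -ldn -- "$1" 2>/dev/null | {
        read -r mode _links uid _rest || return 0
        [ "$uid" = "$TRUSTED_UID" ] || echo "owner-uid=$uid"
        case "$mode" in ?????w*) echo "group-writable" ;; esac
        case "$mode" in ????????w*) echo "world-writable" ;; esac
    }
}

# Walk the directory trees given as arguments and print one finding per line:
#   <script path>: <file|dir> <reason>
# "dir" findings matter because whoever can write the directory can replace
# the script even when the file itself is locked down.
audit_iwss_scripts() {
    find "$@" -type f \( -name PatchExe.sh -o -name RollbackExe.sh \) 2>/dev/null |
    while IFS= read -r script; do
        for reason in $(write_risk "$script"); do
            echo "$script: file $reason"
        done
        for reason in $(write_risk "$(dirname "$script")"); do
            echo "$script: dir $reason"
        done
    done
}

# Usage: sh audit.sh /dir1 /dir2 ...   (absolute paths; no output means no findings)
if [ "$#" -gt 0 ]; then
    audit_iwss_scripts "$@"
fi
```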

BeyondTrust Prevention and Detection:

 

Mitigation:

No mitigation has been provided.

Links:

CVE(s):

None