Technical Description

A vulnerability has been identified in various Symantec products for Macintosh, which could be exploited by local attackers to obtain elevated privileges. This issue is caused by insecure permissions being set on the "/Library/Application Support" directory, which could be exploited by malicious members of the group admin to replace an executable used by the Mount Scan feature by a malicious binary and execute arbitrary code with root privileges.

Note : This vulnerability exists only when the Mount Scanning feature enabled and configured to show the progress.

Affected Products

Norton AntiVirus for Macintosh versions 9.x
Norton AntiVirus for Macintosh versions 10.x
Norton Internet Security for Macintosh versions 3.x
Symantec AntiVirus for Macintosh version 10.0
Symantec AntiVirus for Macintosh version 10.1

Solution

The vendor recommends disabling "Show Progress During Mount Scans" in the Mount Scan tab of Auto-Protect System preferences.

References

http://www.vupen.com/english/advisories/2007/3698
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html

Credits

Vulnerability reported by William Carrel.

ChangeLog

2007-11-02 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.