F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway hostname_suid.cgi Local Privilege Escalation

2005-11-07T11:13:25
ID OSVDB:20541
Type osvdb
Reporter Xavier de Leon(xavier@tigerteam.se)
Modified 2005-11-07T11:13:25

Description

Vulnerability Description

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named hostname.cgi in the current working directory, and executes the SUID script hostname_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

Solution Description

Upgrade F-Secure Anti-Virus Internet Gatekeeper for Linux to version 2.15.484 or higher. Upgrade F-Secure Anti-Virus Linux Gateway to version 2.16 or higher, as these updates have been reported to fix this vulnerability.

It is also possible to correct the flaw by implementing the following workaround: For F-Secure Internet Gatekeeper for Linux: "chmod -s /opt/f-secure/fsigk/cgi/suid.cgi" For F-Secure Anti-Virus Linux Gateway: "chmod -s /home/virusgw/cgi/suid.cgi"

Short Description

F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway contain a flaw that may allow a malicious local user to elevate privileges to root. The issue is triggered when a user creates a malicious script named hostname.cgi in the current working directory, and executes the SUID script hostname_suid.cgi using its full path. The SUID script will execute the malicious script because it looks for it in the working directory. This flaw may lead to a loss of integrity.

References:

Security Tracker: 1015160 Security Tracker: 1015159 Secunia Advisory ID:17467 Related OSVDB ID: 20539 Related OSVDB ID: 20546 Related OSVDB ID: 20548 Related OSVDB ID: 20549 Related OSVDB ID: 20551 Related OSVDB ID: 20513 Related OSVDB ID: 20537 Related OSVDB ID: 20544 Related OSVDB ID: 20547 Related OSVDB ID: 20550 Related OSVDB ID: 20538 Related OSVDB ID: 20540 Related OSVDB ID: 20542 Related OSVDB ID: 20543 Related OSVDB ID: 20545 Related OSVDB ID: 20552 Other Advisory URL: http://tigerteam.se/dl/exploits/TSEAD-200510-4.txt Other Advisory URL: http://www.f-secure.com/security/fsc-2005-3.shtml Keyword: FSC-2005-3,TSEAD-200510-4 ISS X-Force ID: 22966 Generic Exploit URL: http://www.securiteam.com/exploits/6S0032AEKQ.html FrSIRT Advisory: ADV-2005-2331 CVE-2005-3546 Bugtraq ID: 15339