Trend Micro InterScan Web Security Suite Local Privilege Escalation

Added: 12/09/2011 BID: 50380 OSVDB: 76637 Background Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway. Problem Trend Micro InterScan Web Security Suite is vulnerable to local privilege escalation vulnerability...

Trend Micro InterScan Web Security Suite "patchCmd" 权限提升漏洞

趋势科技的InterScan Web Security Suite（IWSS）在网关处针对基于Web方式的攻击为企业网络提供动态的、集成式的安全保护。 Trend Micro InterScan Web Security Suite for Linux在实现上存在安全漏洞，恶意本地用户可利用此漏洞提升权限。 此漏洞源于在执行某些操作时setuid/setgid root /opt/trend/iwss/data/patch/bin/patchCmd的错误，可通过在CWD中创建PatchExe.sh或RollbackExe.sh脚本获取root权限并执行该二进制文件。 Trend Micr...