Some components of Symantec’s LiveUpdate for Macintosh do not set their execution path environment
Risk Impact
Medium
Remote Access
|
No
—|—
Local Access
|
Yes
Authentication Required
|
Yes
Exploit publicly available
|
No
Product
|
Version
|
Build
|
Language
|
Solution(s)
—|—|—|—|—
LiveUpdate for Macintosh
|
3.0.0
|
All
|
All
|
Live Update Patch
3.0.1
|
All
|
All
3.0.2
|
All
|
All
3.0.3
|
5
|
English
3.0.3
|
11
|
All
3.0.3
|
15
|
All
3.5.0
|
47
|
All
3.5.0
|
48
|
All
Norton AntiVirus
|
9.0.x
|
All
|
All
Norton AntiVirus
|
10.x
|
All
|
All
Symantec AntiVirus
|
10.x
|
All
|
All
Norton Personal Firewall
|
3.0.x
|
All
|
All
Norton Personal Firewall
|
3.1.0
|
All
|
All
Norton Internet Security
|
3.0.x
|
All
|
All
Norton Utilities
|
8.0.x
|
All
|
All
Norton SystemWorks
|
3.0.x
|
All
|
All
A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.
Symantec Response
A patch has been created and made available for all affected versions of the product through Symantec LiveUpdate.
To perform a manual update using Symantec LiveUpdate, users should:
Symantec is not aware of any active attempts against or customers impacted by this issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.
Symantec thanks DigitalMunition.com working with iDefense, for notifying Symantec of this issue