AVG Anti-Virus Updated Files Insecure File Permissions

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
247.665
Località
Torino
Secunia Advisory: SA19118 Print Advisory
Release Date: 2006-03-06

Critical:Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched

Software: AVG Anti-Virus Free Edition 7.x
AVG Antivirus 6.x
AVG Antivirus Professional

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

Description:
RedXII1234 has discovered a security issue in AVG Anti-Virus, which potentially can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the File Update functionality assigning insecure permissions to files that have been updated. This can potentially be exploited by malicious users to delete or replace the updated files.

The security issue has been confirmed in version 7.1.375 (Free Edition). Other versions may also be affected

Solution:
Restrict user access to affected systems.

Provided and/or discovered by:
RedXII1234

Original Advisory:
http://www.dslreports.com/forum/remark,15601404


Bollettino Secunia
 
Indietro
Alto Basso