TITLE:
F-Secure Anti-Virus Internet Gatekeeper/Linux Gateway Privilege Escalation

SECUNIA ADVISORY ID:
SA17467

VERIFY ADVISORY:
http://secunia.com/advisories/17467/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
F-Secure Internet Gatekeeper for Linux 2.x
http://secunia.com/product/4635/
F-Secure Anti-Virus Linux Gateway 2.x
http://secunia.com/product/6055/

DESCRIPTION:
A vulnerability has been reported in F-Secure Anti-Virus Internet Gatekeeper for Linux and F-Secure Anti-Virus Linux Gateway, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by several scripts being installed with the SUID bit set and world-executable permissions, e.g. "/opt/f-secure/fsigk/cgi/*suid.cgi" and "/home/virusgw/cgi/*suid.cgi". These scripts can be exploited by malicious users to gain root privileges.

The vulnerability has been reported in the following versions:
* F-Secure Anti-Virus Internet Gatekeeper for Linux versions prior to 2.15.484.
* F-Secure Anti-Virus Linux Gateway versions prior to 2.16.

SOLUTION:
Update to the fixed version or remove the SUID bit from the affected scripts.

-- Updating to fixed version --

F-Secure Internet Gatekeeper for Linux:
Update to version 2.15.484.
ftp://ftp.f-secure.com/support/hotfix/
http://www.f-secure.com/webclub/

F-Secure Anti-Virus Linux Gateway:
Update to version 2.16.
http://www.f-secure.co.jp/download/

-- Removing SUID bit --

F-Secure Internet Gatekeeper for Linux:
"chmod -s /opt/f-secure/fsigk/cgi/*suid.cgi"

F-Secure Anti-Virus Linux Gateway:
"chmod -s /home/virusgw/cgi/*suid.cgi"

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Tigerteam.se Security.

ORIGINAL ADVISORY:
http://www.f-secure.com/security/fsc-2005-3.shtml

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
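
The "Removing SUID bit" workaround above, written as an audit-then-fix script. This is an added example, not vendor or Secunia code: the function names and the FSIGK_CGI_DIRS variable are hypothetical, while the default directories and the *suid.cgi pattern are the ones quoted in the advisory.

```shell
#!/bin/sh
# Added example, not vendor or Secunia code. Function names and the
# FSIGK_CGI_DIRS variable are hypothetical; the default directories and the
# *suid.cgi pattern are the ones quoted in the advisory.
FSIGK_CGI_DIRS="${FSIGK_CGI_DIRS:-/opt/f-secure/fsigk/cgi /home/virusgw/cgi}"

# Print each *suid.cgi file that is both setuid and world-executable.
list_suid_cgi() {
    for dir in $FSIGK_CGI_DIRS; do
        [ -d "$dir" ] || continue   # product not installed at this path
        # -perm -4001 matches only when setuid (4000) and other-execute
        # (0001) are both set, which is the condition the advisory describes.
        find "$dir" -maxdepth 1 -type f -name '*suid.cgi' -perm -4001 -print
    done
}

# Number of affected files still present.
count_suid_cgi() {
    list_suid_cgi | wc -l | tr -d ' '
}

# Apply the workaround, then re-scan; succeeds only if nothing is left.
strip_suid_cgi() {
    list_suid_cgi | while IFS= read -r f; do
        ls -l "$f"        # keep a record of owner and mode before the change
        chmod ug-s "$f"   # clears setuid and setgid, as "chmod -s" does
    done
    [ "$(count_suid_cgi)" -eq 0 ]
}

# Usage: script.sh audit | fix   (no argument: define the functions only)
case "${1:-}" in
    audit) list_suid_cgi ;;
    fix)   strip_suid_cgi ;;
esac
```

Changing the mode requires the privileges of the file's owner or of root; the "audit" mode only reads metadata and can be run first to record what would change.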