Trend Micro Interscan VirusWall Symlink Root Compromise Vulnerability

Interscan VirusWall creates temporary files in the world-writeable /tmp directory with predictable filenames. It is possible for a malicious user to create symbolic links in /tmp with guessed/predicted filenames, knowing in advance that Interscan VirusWall will be run by root. When this happens, the files pointed to by the correctly guessed symbolic links will be overwritten by VirusWall (as root). If the attacker is able to control the data being written to these temporary files by VirusWall, it is possible to obtain root privilege.


Privacy Statement
Copyright 2010, SecurityFocus