Title: symantec_av: Don't run sav command if it isn't owned by root
Class: security
Compatible: compat
Component: checks
Date: 1709110689
Edition: cre
Level: 1
Version: 2.2.0p24
Symantec Anti Virus plugin uses /opt/Symantec/symantec_antivirus/sav command
to monitor a Symantec Anti Virus installation.
To prevent privilege escalation, the plugin (which is run by root user) must
not run executables which can be changed by less privileged users.
In the default installation, sav command is owned by root and root is the only
user with write permissions, which prevents privilege escalation attacks.
With this Werk, the plugin checks if sav command is owned by root and root
is the only user with write permissions before running the command. If that's not
the case the command won't be run. This prevents privilege escalation attacks if
the permissions of the sav command have been changed.
We rate this with a CVSS of 0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
This CVSS is primarily meant to please automatic scanners.
CMK-15318
Show replies by date