CVE: CVE-2004-0217

Export to Word

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00134
Percentile: 0.33947

CVSS Scoring

CVSS v3.1 Score: 7.0

Severity: HIGH

Mapped CWE(s)

CWE-59 : Improper Link Resolution Before File Access ('Link Following')

All CAPEC(s)

CAPEC-132: Symlink Attack
CAPEC-17: Using Malicious Files
CAPEC-35: Leverage Executable Code in Non-Executable Files
CAPEC-76: Manipulating Web Input to File System Calls

CAPEC(s) with Mapped TTPs

CAPEC-132: Symlink Attack
Mapped TTPs:
- T1547.009 : Shortcut Modification
CAPEC-17: Using Malicious Files
Mapped TTPs:
- T1574.005 : Executable Installer File Permissions Weakness
- T1574.010 : Services File Permissions Weakness
CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
- T1027.006 : HTML Smuggling
- T1027.009 : Embedded Payloads
- T1564.009 : Resource Forking

Mapped ATT&CK TTPs

T1547.009 : Shortcut Modification
Kill Chain: persistence
T1574.005 : Executable Installer File Permissions Weakness
Kill Chain: persistence
T1574.010 : Services File Permissions Weakness
Kill Chain: persistence
T1027.006 : HTML Smuggling
Kill Chain: defense-evasion
T1027.009 : Embedded Payloads
Kill Chain: defense-evasion
T1564.009 : Resource Forking
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

C0021

Affected Products

cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*

← Back to Home