Vulnerability ID 5398

Symantec LiveUpdate up to 2.3.0 on Windows Tomcat (LUA Frontend) privilege escalation

Symantec
CVSSv3 Temp Score: 8.0
Current Exploit Price (≈): $0-$1k

A vulnerability was found in Symantec LiveUpdate up to 2.3.0 on Windows. It has been declared as critical. It affects an unknown function of the component Tomcat (LUA Frontend). Manipulation with an unknown input leads to privilege escalation. The impact is known to affect confidentiality, integrity, and availability.

The weakness was presented on 05/18/2012 by Tenable Network Security (OSVDB). The advisory is available for download at osvdb.org. The vulnerability has been identified as CVE-2012-0304 since 01/04/2012. Exploitation appears to be easy. The attack requires local access. No form of authentication is required for successful exploitation. Technical details are unknown, but a public exploit is available.

As a 0-day, the estimated underground price was around $10k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 59193 (Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)), which helps to determine whether the flaw exists in a target environment. The plugin is assigned to the family Windows.

Upgrading to version 2.3.1 eliminates this vulnerability. A possible mitigation was published before the disclosure of the vulnerability.

The vulnerability is also documented in the databases at SecurityFocus (BID 53903), X-Force (76412), Secunia (SA49631), SecurityTracker (ID 1027182) and Vulnerability Center (SBV-35644).

CVSSv3

Base Score: 8.4
Temp Score: 8.0
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:O/RC:C
Reliability: High

CVSSv2

Base Score: 7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Temp Score: 6.3 (CVSS2#E:ND/RL:OF/RC:C)
Reliability: High

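Vector (AV) | Complexity (AC) | Authentication (Au) | Confidentiality (C) | Integrity (I) | Availability (A)
Local (L) | High (H) | Multiple (M) | None (N) | None (N) | None (N)
Adjacent (A) | Medium (M) | Single (S) | Partial (P) | Partial (P) | Partial (P)
Network (N) | Low (L) | None (N) | Complete (C) | Complete (C) | Complete (C)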

Exploiting

Class: Privilege escalation (CWE-264)
Local: Yes
Remote: No

Availability: No
Access: Public

Current Price Estimation: $10k-$25k (0-day) / $0-$1k (Today)


Nessus ID: 59193
Nessus Name: Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)
Nessus File: symantec_lua_2_3_1.nasl
Nessus Family: Windows

Countermeasures

Recommended: Upgrade
Status: Official fix
0-Day Time: 0 days since found

Upgrade: LiveUpdate 2.3.1

Timeline

03/14/2011 Countermeasure disclosed
01/04/2012 +296 days CVE assigned
05/18/2012 +135 days Advisory disclosed
05/18/2012 +0 days Nessus plugin released
05/19/2012 +1 days OSVDB entry created
05/22/2012 +3 days VulDB entry created
06/15/2012 +24 days SecurityFocus entry assigned
06/15/2012 +0 days VulnerabilityCenter entry assigned
06/18/2012 +3 days SecurityTracker entry created
06/22/2012 +4 days NVD disclosed
07/24/2012 +32 days VulnerabilityCenter entry created
09/16/2012 +54 days VulnerabilityCenter entry updated
07/08/2015 +1026 days VulDB entry updated

Sources

Advisory: osvdb.org
Organization: Tenable Network Security
Status: Confirmed
Confirmation: symantec.com

CVE: CVE-2012-0304 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 53903 - Symantec LiveUpdate Administrator Insecure File Permissions Local Privilege Escalation Vulnerability
Secunia: 49631 - Symantec LiveUpdate Administrator Insecure File Permissions, Less Critical
X-Force: 76412
SecurityTracker: 1027182 - Symantec LiveUpdate Administrator Lets Local Users Gain Elevated Privileges
Vulnerability Center: 35644 - Symantec LiveUpdate Administrator Before 2.3.1 Local Privilege Escalation Vulnerability, Medium
OSVDB: 81902 - Symantec LiveUpdate Administrator Installation Directory Permission Weakness Local Privilege Escalation

Entry

Created: 05/22/2012
Updated: 07/08/2015
Entry: 92.9% complete