CVE-2004-0217

CWE-593 documents3 sources

Severity

7.0HIGH

EPSS

0.1%

top 66.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Antivirus Scan Engine

Timeline

PublishedApr 15

Latest updateApr 29

Description

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

▶NVDsymantec/antivirus_scan_engine4.0, 4.3+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-4x77-wr7f-56wv: The LiveUpdate capability (liveupdate↗2022-04-29

▶

CVEList

CVE-2004-0217: The LiveUpdate capability (liveupdate↗2004-03-16

▶