Vulnerability Description
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Antivirus | 9.0 |
| Symantec | Norton Internet Security | 3.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/40864
- http://secunia.com/advisories/27488Vendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html
- http://securitytracker.com/id?1018889
- http://securitytracker.com/id?1018890
- http://www.securityfocus.com/bid/26253
- http://www.vupen.com/english/advisories/2007/3698Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38229
- http://osvdb.org/40864
- http://secunia.com/advisories/27488Vendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html
- http://securitytracker.com/id?1018889
- http://securitytracker.com/id?1018890
- http://www.securityfocus.com/bid/26253
- http://www.vupen.com/english/advisories/2007/3698Vendor Advisory
FAQ
What is CVE-2007-5829?
CVE-2007-5829 is a vulnerability with a CVSS score of 6.0 (MEDIUM). The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permis...
How severe is CVE-2007-5829?
CVE-2007-5829 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5829?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Norton Antivirus, Symantec Norton Internet Security.