#VU6721 Privilege escalation in ServerProtect for Linux - CVE-2017-9036
Published: May 25, 2017
Vulnerability identifier: #VU6721
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-9036
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
ServerProtect for Linux
Software vendor:
Trend Micro
Description
The disclosed vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists because the affected software sets improper security restrictions on its quarantine directory. A local attacker can write an arbitrary file to any location on the file system and gain root privileges.
Successful exploitation of this vulnerability results in privilege escalation.
Remediation
Update to version 3.0 CP 1531.