Symantec LiveUpdate Administrator Insecure Permissions Local Privilege Escalation (credentialed check)
High Nessus Plugin ID 59193
SynopsisAn update management application installed on the remote Windows host has a privilege escalation vulnerability.
DescriptionThe version of Symantec LiveUpdate Administrator (LUA) installed on the remote host has a privilege escalation vulnerability. The installation directory allows write access to the Everyone group. This directory contains batch files that are periodically executed as SYSTEM. A local, unprivileged attacker could exploit this by creating or modifying files that will be executed as SYSTEM, resulting in privilege escalation.
A partial fix for this issue was included in LUA 2.3.1, but it does not mitigate all possible attack vectors.
SolutionUpgrade to Symantec LiveUpdate Administrator 2.3.2 or later.