Vulnerability Name:

CVE-2004-1149 (CCN-18502)

Assigned:2004-12-15
Published:2004-12-15
Updated:2021-04-09
Summary:Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.
CVSS v3 Severity:9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: CONFIRM
Type: UNKNOWN
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter

Source: MITRE
Type: CNA
CVE-2004-1149

Source: IDEFENSE
Type: UNKNOWN
20041215 Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability

Source: CCN
Type: iDEFENSE Security Advisory 12.15.04
Computer Associates eTrust EZ Antivirus Insecure File Permission Vulnerability

Source: CCN
Type: OSVDB ID: 12407
CA eTrust EZ Anti-Virus VetMsg.exe Local Privilege Escalation

Source: CCN
Type: BID-11971
Computer Associates eTrust EZ Antivirus Local Insecure Default Installation Vulnerability

Source: XF
Type: UNKNOWN
etrust-antivirus-insecure-permissions(18502)

Source: XF
Type: UNKNOWN
etrust-antivirus-insecure-permissions(18502)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.2:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:broadcom:etrust_ez_antivirus:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_ez_antivirus:7.0.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    broadcom etrust ez antivirus 7.0
    broadcom etrust ez antivirus 7.0.1
    broadcom etrust ez antivirus 7.0.4
    broadcom etrust ez antivirus 7.0.2.1
    broadcom etrust ez antivirus 7.0.3
    broadcom etrust ez antivirus 7.0.1.1
    broadcom etrust ez antivirus 7.0.1.2
    broadcom etrust ez antivirus 7.0.1.3
    broadcom etrust ez antivirus 7.0.1.4
    broadcom etrust ez antivirus 7.0.2
    ca etrust ez antivirus 7.0
    ca etrust ez antivirus 7.0.1
    ca etrust ez antivirus 7.0.2
    ca etrust ez antivirus 7.0.4
    ca etrust ez antivirus 7.0.1.1
    ca etrust ez antivirus 7.0.1.2
    ca etrust ez antivirus 7.0.1.3
    ca etrust ez antivirus 7.0.1.4
    ca etrust ez antivirus 7.0.2.1
    ca etrust ez antivirus 7.0.3