Security

Security news roundup: November 5

Here's a collection of recent security vulnerabilities and alerts, which covers a local escalation of priviledge in Symantec Antivirus for Mac, vulnerabilities discovered in ACDSee, and a vulnerability found in IPSwitch e-mail client - which comes bundled with theIPSwitch IMail Server for Windows.

Here's a collection of recent security vulnerabilities and alerts, which covers a local escalation of priviledge in Symantec Antivirus for Mac, vulnerabilities discovered in ACDSee, and a vulnerability found in IPSwitch e-mail client - which comes bundled with the IPSwitch IMail Server for Windows.

  • Local escalation of privilege vulnerability in Symantec Antivirus for Mac
A feature in both Norton and Symantec Antivirus for the Mac could be used by members of the group admin to execute code as the root user (uid 0) on the local system.
Excerpt from Symantec's Security Advisory:
An executable used by the Mount Scan feature of Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh runs with root access. A member of group admin could replace this executable with code of their choice, and gain user root access.

As one of two possibility ways to mitigate the problem, Symantec recommends that users disables "Show Progress During Mount Scans" in the Mount Scan tab of Auto-Protect System preferences.

  • Vulnerabilities discovered in ACDSee

Secunia Research has discovered some vulnerabilities in ACDSee products which can be exploited by attackers to inject and execute malicious code embedded in images attached to e-mail or downloaded from websites.

According to the security advisory, ACDSee Photo Manager Version 9.0 Build 108, ACDSee Pro Photo Manager Version 8.1 Build 99 and ACDSee Photo Editor Version 4.0 Build 195 are affected.

Additional information from ACDSee as well as an update is available here.

  • Vulnerability found in IPSwitch e-mail client

A vulnerability has been discovered in IMail Client 9.22 for Windows, which is included in IPSwitch IMail Server 2006. The vendor recommends deleting the client from the server. The client will also be removed from future releases.

According to heise Security:

A buffer overflow occurs when "multipart" MIME data are read. Secunia have discovered that a boundary parameter longer than 212 bytes provokes the overflow, which in turn allows code to be written onto the stack and launched with the user's rights. The flaw was discovered in version 9.22 of the client.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

Editor's Picks