
Security Advisory

CVE-2021-26624 | eScan Anti-Virus Local privilege escalation Vulnerability
2022.03.31
□ Overview
 o MicroWorld Technologies Inc. released a security update to address a local privilege escalation vulnerability in eScan Anti-Virus for Linux.
Vulnerability
| Vulnerability Type | Impact | Severity | CVSS Score | CVE ID |
| Improper input validation | Local privilege escalation | High | 7.8 | CVE-2021-26624 |

□ Description
 o A local privilege escalation vulnerability exists due to the "runasroot" command in eScan Anti-Virus.
 o This vulnerability is caused by invalid arguments and insufficient execution conditions related to the "runasroot" command.
 o This vulnerability can allow remote attackers to gain root privileges by manipulating parameter values.

□ Affected Product
Affected Product
| Product | Version | Platform |
| eScan Anti-Virus for Linux | prior to 7.0.31 | Linux |

□ Solution
 o Update the software through the eScan Anti-Virus webpage in ‘Reference [1]’ or check the notice e-mail regarding the patch file "espatch-4.0.1.deb".

□ Reference
 [1] https://www.escanav.com/en/index.asp

□ Etc
 o Thanks to Jeong JaeYoung for reporting this vulnerability.


□ Written by: Incident Analysis Division, Vulnerability Analysis Team