□ Overview
o MicroWorld Technologies Inc. released a security update to address a local privilege escalation vulnerability in eScan Anti-Virus for Linux.
Vulnerability
Vulnerability Type | Impact | Severity | CVSS Score | CVE ID
Improper input validation | Local privilege escalation | High | 7.8 | CVE-2021-26624
□ Description
o A local privilege escalation vulnerability exists due to a "runasroot" command in eScan Anti-Virus.
o This vulnerability is due to invalid arguments and insufficient execution conditions related to the "runasroot" command.
o This vulnerability can allow remote attackers to obtain root privileges by manipulating parameter values.
□ Affected Product
Affected Product
Product | Version | Platform
eScan Anti-Virus for Linux | prior to 7.0.31 | Linux
□ Solution
o Update software through the eScan Anti-Virus webpage in ‘Reference [1]’ or check the notice e-mail regarding the patch file "espatch-4.0.1.deb".
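o The following check is an added example, not code from the vendor or from this advisory: it compares an installed version against the fixed release 7.0.31 given above. The function names are hypothetical, and the Debian package name must be supplied by the operator because the advisory does not state it.

```shell
#!/bin/sh
# Added example: flag eScan Anti-Virus for Linux installs older than the fixed
# release named in the advisory (versions prior to 7.0.31 are affected).
FIXED_VERSION="7.0.31"

# version_lt A B: exit 0 when dotted version A is older than B.
# Fields are compared numerically; missing fields count as 0, and any
# non-numeric tail in a field (e.g. a package revision "31-1") is ignored.
version_lt() {
    va=${1#*:}; vb=${2#*:}          # drop a Debian epoch ("1:") if present
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        fa=${fa%%[!0-9]*}; fb=${fb%%[!0-9]*}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -lt "$fb" ] && return 0
        [ "$fa" -gt "$fb" ] && return 1
    done
    return 1    # equal versions are not "older"
}

# escan_status VERSION: print the advisory status; exit 1 when affected.
escan_status() {
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "VULNERABLE: $1 is prior to $FIXED_VERSION (CVE-2021-26624)"
        return 1
    fi
    echo "OK: $1 is at or above $FIXED_VERSION"
}

# check_installed PKG: look up PKG with dpkg-query and report its status.
# PKG is site-specific (assumption): the advisory does not name the package.
check_installed() {
    ver=$(dpkg-query -W -f='${Version}' "$1" 2>/dev/null) || {
        echo "package $1 not installed or dpkg unavailable" >&2
        return 2
    }
    escan_status "$ver"
}

# Usage: sh check_escan.sh <package-name>
[ "$#" -eq 0 ] || check_installed "$1"
```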
□ Reference
[1] https://www.escanav.com/en/index.asp
□ Etc
o Thanks to Jeong JaeYoung for reporting this vulnerability.
□ Written by: Incident Analysis Division, Vulnerability Analysis Team