CVE-2004-0217
HIGHSymantec AntiVirus Scan Engine 4.0 and 4.3 - Arbitrary File Write via Symlink Attack on LiveUpdate.log
Title source: llmDescription
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
References (3)
Core 3
Core References
Broken Link, Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9662
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15215
Exploit, Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107694800908164&w=2
Scores
CVSS v3
7.0
EPSS
0.0013
EPSS Percentile
32.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (2)
symantec/antivirus_scan_engine
4.0
symantec/antivirus_scan_engine
4.3
Published
Apr 15, 2004
Tracked Since
Feb 18, 2026