SYM07-028 – Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh Local Elevation of Privilege
A feature of Symantec AntiVirus for Macintosh and Norton AntiVirus for Macintosh could be used by members of the admin group to execute code as the root user (uid 0) on the local system.
Affected Products
Norton AntiVirus for Macintosh 9.x-10.x
Norton Internet Security for Macintosh 3.x
Symantec AntiVirus for Macintosh 10.0
Symantec AntiVirus for Macintosh 10.1
Solution
Disable “Show Progress During Mount Scans” in the Mount Scan tab of Auto-Protect System preferences.
Note: This vulnerability exists only in products running on the Macintosh platform. It does not exist in products running on Linux or Microsoft Windows.
Symantec Response
Symantec engineers have verified that this issue exists in the products listed above. However, any potential attempt to exploit the issue will fail if Mount Scanning is disabled, or if Mount Scanning is configured to run without showing progress.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html