CVE-2021-23892
EUVD-2021-1081812.05.2021, 09:15
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mcafee | endpoint_security_for_linux_threat_prevention | 10.5.0 ≤ 𝑥 < 10.7.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race ConditionThe software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the software to perform invalid actions when the resource is in an unexpected state.