SB20240819134 - Multiple vulnerabilities in AVG AntiVirus Free

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) UNIX symbolic link following (CVE-ID: CVE-2024-7236)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a symlink following issue within the AVG Installer in icarus function. A local user can abuse the update functionality to create a file and cause a denial of service condition on the target system.

2) UNIX symbolic link following (CVE-ID: CVE-2024-7235)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a symlink following issue within the AVG Installer. A local user can abuse the service to create a folder and cause a denial of service condition on the target system.

3) UNIX symbolic link following (CVE-ID: CVE-2024-7237)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the AVG Service in AVGSvc function. A local user can create a specially crafted symbolic link to abuse the service to delete a folder and gain elevated privileges on the target system.

4) UNIX symbolic link following (CVE-ID: CVE-2024-7234)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the AVG Service in AVGSvc function. A local user can create a specially crafted symbolic link to abuse the service to delete a file and gain elevated privileges on the target system.

Remediation

Install update from vendor's website.

References

• https://www.zerodayinitiative.com/advisories/ZDI-24-1009/
• https://www.zerodayinitiative.com/advisories/ZDI-24-1006/
• https://www.zerodayinitiative.com/advisories/ZDI-24-1007/
• https://www.zerodayinitiative.com/advisories/ZDI-24-1008/