Message-ID: <4E7D23B56CB0F742BB97371D5258E6DE031F85FF@dalexmb3.corp.nai.org>
Date: Mon, 18 Sep 2006 14:24:25 -0500
From: <David_Coffey@...fee.com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: McAfee VirusScan Enterprise - disabling the
	client side "On-Access Scan"

This issue is a bug, and should not be considered a security
vulnerability.

The bug deals specifically with manual coordination of processes and GUI
access through an administrative account.  The technique works under an
orchestrated situation and requires both local access and administrative
privileges.  Though this bug allows an administrator to turn off the
application through an unplanned-for path, it is a right the
administrator has regardless.  There is no elevation of privilege,
manipulation of data, or any other adverse effects that should not
already be entitled to the administrative user.  The proof of concept
methodology reported to us by the researcher, though beneficial in
showing a bug in software, does not indicate a useful attack vector for
our product.  The ability for an administrator to manipulate the running
state is a requirement.

An updated version of VirusScan Enterprise has been pushed to all live
update servers and is available for download.  This specific bug has
been fixed in VirusScan Enterprise 8.0i, which was originally
distributed in August of 2004.  An updated version of VirusScan
Enterprise will remedy this software issue.


Best Regards,

David Coffey
Manager, Principal Security Architect
McAfee, Inc.
