| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Sep 2006 14:24:25 -0500 From: <David_Coffey@...fee.com> To: <full-disclosure@...ts.grok.org.uk> Subject: Re: McAfee VirusScan Enterprise - disabling the client side "On-Access Scan" This issue is a bug, and should not be considered a security vulnerability. The bug deals specifically with manual coordination of processes and gui access through an administrative account. The technique works under an orchestrated situation and requires both local access and administrative privileges. Though this bug allows an administrator to turn off the application though an unplanned for path, it is a right the administrator has regardless. There is no elevation or privilege, manipulation of data, or any other adverse effects that should not already be entitled to the administrative user. The proof of concept methodology reported to us by the researcher, though beneficial in showing a bug in software, does not indicate a useful attack vector for our product. The ability for an administrator to manipulate the running state is a requirement. An updated version of Virus Scan Enterprise has been pushed to all live update servers and is available for download. This specific bug has been fixed in Virus Scan Enterprise 8.0i, which was originally distributed in August of 2004. An updated version of Virus Scan Enterprise will remedy this software issue. Best Regards, David Coffey Manager, Principal Security Architect McAfee, Inc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists