Skip to main content

Security flaw in McAfee enterprise software gives attackers root access

posted onDecember 14, 2016
by l33tdawg

Security researcher Andrew Fasano from MIT Lincoln Laboratory said this week that a total of 10 security flaws, if chained together, allows the execution of code remotely as a root user.

"At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time," the security advisory reads. "When I noticed all these, I decided to take a look."

The vulnerabilities are present from at least VirusScan Enterprise for Linux version 1.9.2 through 2.0.2, which was released in April this year. "The only difference from the older release appears to be updating to a newer version of libc which makes exploiting these vulnerabilities easier," Fasano says.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Simplenews subscription

Stay informed - subscribe to our newsletter.
The subscriber's email address.
Keeping Knowledge Free for Over a Decade

Copyright © 2018 Hack In The Box. All rights reserved.

36th Floor, Menara Maxis, Kuala Lumpur City Centre 50088 Kuala Lumpur Malaysia
Tel: +603-2615-7299 Fax: +603-2615-0088