Network Security, Vulnerability Management

McAfee VirusScan for Linux vulnerability gives root access

An independent cybersecurity researcher found a vulnerability in Intel's McAfee VirusScan Enterprise for Linux that can allow a remote code execution as root.

Andrew Fasano blogged that versions 1.9.2 through 2.0.2 of the cybersecurity software are affected. He noted the software was ripe for the picking as it runs as root, is not widely used and had not been updated for quite some time.

Fasano's investigation found 10 specific vulnerabilities that when operated together allow an attacker to execute code as root.

  1. CVE-2016-8016: Remote Unauthenticated File Existence Test
  2. CVE-2016-8017: Remote Unauthenticated File Read (with Constraints)
  3. CVE-2016-8018: No Cross-Site Request Forgery Tokens
  4. CVE-2016-8019: Cross Site Scripting
  5. CVE-2016-8020: Authenticated Remote Code Execution & Privilege Escalation
  6. CVE-2016-8021: Web Interface Allows Arbitrary File Write to Known Location
  7. CVE-2016-8022: Remote Use of Authentication Tokens
  8. CVE-2016-8023: Brute Force Authentication Tokens
  9. CVE-2016-8024: HTTP Response Splitting
  10. CVE-2016-8025: Authenticated SQL Injection

After being notified by Fasano, McaFee issued an update fixing the issues on Dec. 9, the Inquirer reported.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.