An independent cybersecurity researcher found a vulnerability in Intel’s McAfee VirusScan Enterprise for Linux that can allow remote code execution as root.
Andrew Fasano blogged that versions 1.9.2 through 2.0.2 of the cybersecurity software are affected. He noted the software was ripe for the picking as it runs as root, is not widely used and had not been updated for quite some time.
Fasano’s investigation found 10 specific vulnerabilities that, when used together, allow an attacker to execute code as root:
- CVE-2016-8016: Remote Unauthenticated File Existence Test
- CVE-2016-8017: Remote Unauthenticated File Read (with Constraints)
- CVE-2016-8018: No Cross-Site Request Forgery Tokens
- CVE-2016-8019: Cross Site Scripting
- CVE-2016-8020: Authenticated Remote Code Execution & Privilege Escalation
- CVE-2016-8021: Web Interface Allows Arbitrary File Write to Known Location
- CVE-2016-8022: Remote Use of Authentication Tokens
- CVE-2016-8023: Brute Force Authentication Tokens
- CVE-2016-8024: HTTP Response Splitting
- CVE-2016-8025: Authenticated SQL Injection
After being notified by Fasano, McAfee issued an update fixing the issues on Dec. 9, the Inquirer reported.