Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] McAfee Internet Security Suite Race Condition Vulnerability

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] McAfee Internet Security Suite Race Condition Vulnerability
Date: 19 Apr 2005 11:22:00 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  McAfee Internet Security Suite Race Condition Vulnerability
------------------------------------------------------------------------


SUMMARY

 <http://www.mcafeesecurity.com/> McAfee Internet Security Suite is a 
"product used to protect a personal computer from virus infections, and 
additionally provides firewall and privacy control functionality".

Local exploitation of an insecure permission vulnerability in McAfee 
Internet Security Suite allows attackers to escalate non-Administrator 
privileges or disable protection.

DETAILS

Vulnerable Systems:
 * McAfee Internet Security Suite 2005

The vulnerability specifically exists in the default file Access Control 
List (ACL) settings that are applied during installation. When an 
administrator installs McAfee Internet Security Suite 2005, the default 
ACL allows non-Administrator users to modify the installed files. Because 
of the fact that some of the programs run as system services, a 
non-Administrator user can simply replace an installed McAfee Internet 
Security Suite 2005 file with their own malicious code that will later be 
executed with system privileges.

Successful exploitation allows local attackers to escalate privileges the 
system level. It is also possible to use this vulnerability to simply 
disable protection by moving all of the executable files so that they 
cannot start upon a reboot.

Workaround:
Apply proper Access Control List settings to the directory that McAfee 
Internet Security Suite 2005 is installed in. The ACL rules should make 
sure that no regular users can modify files in the directory.

Vendor Status:
"McAfee has acknowledged this issue and is providing automated fixes for 
registered users. This issue affects an extremely small subset of the 
McAfee Internet Security Suite 2005 user base as the vast majority of home 
users do not use non-Administrator Windows accounts.

Registered McAfee Internet Security Suite 2005 users should have 
automatically downloaded and installed high-priority McAfee security 
software updates by default, and now have fixes for this vulnerability 
installed on their computers.

To manually check for updates, users can right-click the McAfee system 
tray icon (white M on red background) and select 'Updates'. In the 
resulting dialogue box, they should click 'Check Now' to check the server 
for updates.  The user will be walked through the update process or be 
notified that all software is up to date.  If a user has not yet 
registered, a registration web page or the registration wizard will 
pop-up, guiding the user through the update process.

McAfee's key priority is the security of our customers.  In the event that 
a vulnerability is found within any of McAfee's software, we have a strong 
process in place to work closely with the relevant security research group 
to ensure the rapid and effective development of a fix and communication 
plan."

CVE Information:
 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1107> 
CAN-2005-1107

Disclosure Timeline:
02/04/2005 - Initial vendor notification
02/07/2005 - Initial vendor response
04/18/2005 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by  
<mailto:idlabs-advisories@idefense.com> idlabs.
The original article can be found at:  
<http://www.idefense.com/application/poi/display?id=233&type=vulnerabilities> 
http://www.idefense.com/application/poi/display?id=233&type=vulnerabilities



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] McAfee Internet Security Suite Race Condition Vulnerability, SecuriTeam <=
Previous by Date:  [EXPL] Openssl-Too-Open: Apache / OpenSSL Remote Exploit, SecuriTeam
Next by Date:  [EXPL] Webcam Publisher Buffer Overflow (Exploit), SecuriTeam
Previous by Thread:  [EXPL] Openssl-Too-Open: Apache / OpenSSL Remote Exploit, SecuriTeam
Next by Thread:  [EXPL] Webcam Publisher Buffer Overflow (Exploit), SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]