Bugtraq mailing list archives
Mcafee Alerting DOS vulnerability
From: schmilllson () HOTMAIL COM (Harry Schmilllson)
Date: Wed, 7 Jun 2000 15:28:07 PDT
This is my first post to the list. Hope it's on traq! I have found that the alerting mechanism in Mcafee's VirusScan 4.03 could allow any network user to create unlimited "alerts" and send them to the Central Alert server(s). The alerts from Win9X clients are in the form of a formatted text file. This file includes info such as user name, computer name, virus name, etc... A malicious user could format this text file and insert any info desired including existing or non-existent usernames, computer names, virus names etc.... The alert server receives these messages in a share with everyone create, write and delete access. This could be used in some very interesting ways! ________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
Current thread:
- local root on linux 2.2.15 Peter van Dijk (Jun 07)
- Mcafee Alerting DOS vulnerability Harry Schmilllson (Jun 07)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 08)
- Re: local root on linux 2.2.15 Tomasz Grabowski (Jun 08)
- Re: local root on linux 2.2.15 Philip Guenther (Jun 08)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 12)
- Re: local root on linux 2.2.15 Jeff Dafoe (Jun 14)
- Re: local root on linux 2.2.15 Wojciech Purczynski (Jun 14)
- MS-040 'proof of concept' code Renaud Deraison (Jun 13)
- <Possible follow-ups>
- Re: local root on linux 2.2.15 Tollef Fog Heen (Jun 11)
- Re: local root on linux 2.2.15 Peter da Silva (Jun 15)