Bugtraq mailing list archives
Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)
From: "Kenneth Ng" <kenneth.d.ng () gmail com>
Date: Fri, 26 Sep 2008 13:23:46 -0400
Does anyone know how to check the build version number on the agent? Or is there a comparison with that build number and a x.y.z version id? On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories <advisories () iviztechnosolutions com> wrote:
----------------------------------------------------------------------- [ iViZ Security Advisory 08-010 17/09/2008 ] ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com ----------------------------------------------------------------------- * Title: McAfee SafeBoot Device Encryption Plain Text Password Disclosure * Date: 17/09/2008 * Software: McAfee SafeBoot Device Encryption v4, Build 4750 and below --[ Synopsis: The password checking routine of SafeBoot Device Encryption fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users. --[ Affected Software: * SafeBoot Device Encryption v4, Build 4750 and below --[ Non Affected Software: * SafeBoot Device Encryption v4, Build 4760 and above * SafeBoot Device Encryption v5.x --[ Technical description:
[edit]
Current thread:
- Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below) Kenneth Ng (Sep 26)