Re: McAfee VirusScan Enterprise - disabling the client side "On-Access Scan"

[<David_Coffey () McAfee com>]

This issue is a bug, and should not be considered a security
vulnerability.

The bug deals specifically with manual coordination of processes and gui
access through an administrative account.  The technique works under an
orchestrated situation and requires both local access and administrative
privileges.  Though this bug allows an administrator to turn off the
application though an unplanned for path, it is a right the
administrator has regardless.  There is no elevation or privilege,
manipulation of data, or any other adverse effects that should not
already be entitled to the administrative user.  The proof of concept
methodology reported to us by the researcher, though beneficial in
showing a bug in software, does not indicate a useful attack vector for
our product.  The ability for an administrator to manipulate the running
state is a requirement.

An updated version of Virus Scan Enterprise has been pushed to all live
update servers and is available for download.  This specific bug has
been fixed in Virus Scan Enterprise 8.0i, which was originally
distributed in August of 2004.  An updated version of Virus Scan
Enterprise will remedy this software issue.


Best Regards,

David Coffey
Manager, Principal Security Architect
McAfee, Inc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/