Full Disclosure mailing list archives
Re: McAfee VirusScan Enterprise - disabling the client side "On-Access Scan"
From: <David_Coffey () McAfee com>
Date: Mon, 18 Sep 2006 14:24:25 -0500
This issue is a bug, and should not be considered a security vulnerability. The bug deals specifically with manual coordination of processes and gui access through an administrative account. The technique works under an orchestrated situation and requires both local access and administrative privileges. Though this bug allows an administrator to turn off the application though an unplanned for path, it is a right the administrator has regardless. There is no elevation or privilege, manipulation of data, or any other adverse effects that should not already be entitled to the administrative user. The proof of concept methodology reported to us by the researcher, though beneficial in showing a bug in software, does not indicate a useful attack vector for our product. The ability for an administrator to manipulate the running state is a requirement. An updated version of Virus Scan Enterprise has been pushed to all live update servers and is available for download. This specific bug has been fixed in Virus Scan Enterprise 8.0i, which was originally distributed in August of 2004. An updated version of Virus Scan Enterprise will remedy this software issue. Best Regards, David Coffey Manager, Principal Security Architect McAfee, Inc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: McAfee VirusScan Enterprise - disabling the client side "On-Access Scan" David_Coffey (Sep 18)