Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Rsiky business

From: ned <nd () felinemenace org>
Date: Wed, 12 May 2004 04:57:19 -0700 (PDT)
On Wed, 12 May 2004, Dave Aitel wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So a couple days ago ISS's Ben Layer announced another bug in
McAffee's Enterprise Virus Management package (ePO).
http://xforce.iss.net/xforce/alerts/id/173 . I remember when I
published the Enterprise Application Security paper that NAI was
mighty bothered by my draft's saying "ePO has a patchy security
history". But at this point, three different people (Andreas Junestam,
myself, and Ben) have bothered to look at it, and they've all found a
serious remote root. At what point is the program declaired a high
risk program to run on every machine in your enterprise? If you're a
CISO and you're not thinking about that, you've been promoted to your
level of incompetence
<http://dictionary.reference.com/search?r=2&q=incompetence>! It's
unlikely to be the last bug in ePO, in my opinion. During my brief
binary analysis I remember some wacky things I didn't even bother to
look into.

As some of you with Outlook know, today is my birthday! I'm 28, in
case you're wondering. I think I still have another couple years in me


Happy Birthday!


before I'm considered useless for technical work. So, uh, get your
copy of CANVAS now. I'm going to throw in the Mdeamon bug today, which
had been in the Immunity Vulnerability Sharing Club. Oddly, last night
I was thinking of including it as a present to customers, but I notice
Ned has released it as an advisory today by converting the SPIKE IMAP
script to SMUDGE.



http://www.googlism.com/index.htm?ism=adaptation&type=3

Anyhow, it was postauth. It's as useless as a null-pointer dereference in 
HelixServer.
 

Dave Aitel
Immunity, Inc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAog4NzOrqAtg8JS8RAgQDAJ9JhKqivTR4plM5YjRcxOqr9i5NZQCg9cvR
7aHhu0BYAQ1RLs07ozx4C2Y=
=eAW0
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave



-- 
http://felinemenace.org/~nd

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: