Mcafee bad catalogz when updating

Before getting into the details of the vulnerabilities in this product, it helps to have a quick understanding of the system architecture.

This product contains two separate services; one running as root and one running as an unprivileged user called nails.

It's trivial to generate a shell script that will take a while to download, but will execute a given payload when run before the download is finished.

This can be done by creating a script that contains a desired payload and then appending the payload with a large comment.

To find how the update server was used, I cloned Mc Afee's update repository locally and then reconfigure the server to download updates from my server.

Two requests are made as part of the update process. The Site Stat file is just a standard XML file that says if a site is enabled and what version of the catalog it is serving.

At a first glance, Intel's Mc Afee Virus Scan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time.

The web interface doesn't do much to limit what data a malicious user can send to the root service.

There are no CSRF-tokens accompanying any forms on the web interface which allows attackers to submit authenticated requests when an authenticated user browsers to an attacker-controlled, external domain.

Seeing this basic of a vulnerability in an Anti Virus product in 2016 is quite surprising.

A subset of the parameters posted are shown here: The generates the following error in the web interface Attaching strace shows that this parameter is passed directly to execve from a process running as root.

By changing this variable to an executable on the system, an authenticated user can have that binary executed by the root user.

Leave a Reply

  1. who is pink dating now 2016 21-Aug-2019 11:54

    “It’s nice to be able to enter into a house of affluence ...

  2. sccm dynamic collection not updating 09-Apr-2019 13:43

    Learn more, including about available controls: Cookies Policy.

  3. youngstown dating 06-Jul-2019 06:04

    ft 2.40 n Kramer, (27) 1.50, (IG) Jfms 1.50 Litolff, Bd.