SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   McAfee VirusScan ASaP Vendors:   McAfee
(Vendor Releases Fix) Re: McAfee VirusScan ASaP Lets Remote Users View Contents of Files on the Host
SecurityTracker Alert ID:  1002017
SecurityTracker URL:  http://securitytracker.com/id/1002017
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 17 2001
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): tested on NT Workstation 4.0, 2000 Professional
Description:   McAfee's VirusScan ASaP anti-virus software for Windows reportedly contains a vulnerability that allows remote users to access and view files on the host.

VirusScan ASaP reportedly uses peer-to-peer agent technology (called Rumor Technology) to distribute antivirus definitions from host to host. This agent software apparently includes a web server listening on port 6515 and designed to only serve files that are located in the \winnt\mycio\agent\rmrcache directory. The vulnerability allows remote users to use a specially crafted HTTP URL to obtain files located outside of the directory on the same drive that the anti-virus software is installed on. Because the web service runs in the Local system context, all files on the drive can be viewed.

For example, the following type of URL can be used:

HTTP://[targethost]:6515/.../.../.../.../winnt/repair

The vendor has reportedly been notified.

Impact:   A remote user can obtain any files located on the same drive that the anti-virus software is installed on.
Solution:   The vendor has released a fix. The vendor reports that the fix will be downloaded and applied to end user systems in the normal course of updating that VirusScan ASaP
performs each day and that VirusScan ASaP agents that have performed an update
since 03:30 GMT/UTC on July 14, 2001 will have applied the fix.

Vendor URL:  mycio.com/content/virusscan_asap/default.asp (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 12 2001 McAfee VirusScan ASaP Lets Remote Users View Contents of Files on the Host



 Source Message Contents

Subject:  McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul


-----BEGIN PGP SIGNED MESSAGE-----

McAfee would like to advise NT Bugraq readers of the release of a fix
for the vulnerability:

McAfee has taken action to address the vulnerability discovered in
the
VirusScan ASaP agent technology, which affected all users of
VirusScan ASaP. McAfee has distributed the fix to all McAfee ASaP
update sites for automatic
distribution to end users. The fix will be downloaded and applied to
end user systems in the normal course of updating that VirusScan ASaP
performs
each day. Any VirusScan ASaP agents that have performed an update
since 03:30 Greenwich Mean Time on July 14, 2001 will have applied
the fix.

Users who wish to manually initiate an update can do so by double
clicking
on the VirusScan ASaP system tray icon. Users who have questions
about this procedure or
experience other issues should contact McAfee technical support
through standard channels.

McAfee has received no reports of security breaches at customer sites
as a result of this vulnerability.

Stephanie Sparck
Manager of Channel Marketing
Network Associates
__________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQCVAwUBO1NIik+RBmuavn3GAQEYLgQAsINJ7edmzIbXD8X+DJvaSwbybuXZ5QJg
BKH+g/F6E1nFJSknzeAyScpP5HjKR6zDswdiwD/6O9HT1skaFZoDT5vG2md//tiM
Ln2zZPBTWrA7jThhLNQ8wNZG8+O3eygIPnKA3wTBB+GX28QCuTzRWJGAV0wtRyuV
H/96Jm/PM7w=
=+8iL
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
Delivery co-sponsored by Trend Micro
============================================================================
TREND MICRO REAL-TIME VIRUS ALERTS
If you would like to know about a virus outbreak before CNN and ZDNet get
Trend Micro Virus Info Feed FREE. Simply copy and paste a small piece of
code to give your visitors a real-time top 10 list and the latest virus
advisories. Setup takes just 10 minutes and requires no server-side code on
your Web site. All content is updated automatically from Trend Micro's Web
site.
http://www.antivirus.com/banners/tracking.asp?si=8&bi=237&ul=/syndication/
vinfo/
----------------------------------------------------------------------------

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC