Next Page >>
McAfee
________________________________________________________________________
From the low-hanging-fruit-department - Mcafee multiple generic evasions
________________________________________________________________________
Release mode: Coordinated but limited disclosure.
Ref : TZO-182009 - Mcafee multiple generic evasions
WWW : http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
Vendor : http://www.mcafee.com
Status : Patched
________________________________________________________________________
McAfee multiple products - Generic PDF detection bypass
________________________________________________________________________
***********************************************************************
Cheap plug :
If you are interested in client side vulnerabilities visit HACK.LU
starting tomorrow 28-30 Oct with :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
SecureWorks Security Advisory SWRX-2009-001
McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory Information
Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
SecureWorks Security Advisory SWRX-2009-002
McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory Information
Title: McAfee Network Security Manager Authentication Bypass and Session Hijacking Vulnerability
Advisory ID: SWRX-2009-002
>
> -----Original Message-----
> From: NSO Research [mailto:nso-research@sotiriu.de]
> Sent: 02 March 2010 21:30
> To: bugtraq@securityfocus.com
> Subject: NSOADV-2010-004: McAfee LinuxShield remote/local code execution
>
> ______________________________________________________________________
>
> NSOADV-2010-004: McAfee LinuxShield remote/local code execution
> ______________________________________________________________________
-----Original Message-----
From: NSO Research [mailto:nso-research@sotiriu.de]
Sent: 02 March 2010 21:30
To: bugtraq@securityfocus.com
Subject: NSOADV-2010-004: McAfee LinuxShield remote/local code execution
______________________________________________________________________
NSOADV-2010-004: McAfee LinuxShield remote/local code execution
______________________________________________________________________
______________________________________________________________________
NSOADV-2010-004: McAfee LinuxShield remote/local code execution
______________________________________________________________________
______________________________________________________________________
111101111
11111 00110 00110001111
111111 01 01 1 11111011111111
11111 0 11 01 0 11 1 1 111011001
INFIGO IS Security Advisory #ADV-2008-01-06
http://www.infigo.hr/en/
Title: McAfee E-Business Server Remote Preauth Code Execution / DoS
Advisory ID: INFIGO-2008-01-06
Date: 2008-01-09
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-01-06
Impact: Remote code execution
Risk Level: High
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I - TITLE
Security advisory: McAfee Virus Scan for Linux and Unix v5.10.0 Local
Buffer Overflow
II - SUMMARY
Description: Local buffer overflow vulnerability in McAfee Virus Scan
http://www.infigo.hr/en/
Title: McAfee E-Business Server Remote Preauth Code Execution / DoS
Advisory ID: INFIGO-2008-01-06
Date: 2008-01-09
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-01-06
Impact: Remote code execution
Risk Level: High
Product Affected
Updater for McAfee Virusscan Command Line 6.0
This product is available attached to this document:
https://kc.mcafee.com/corporate/index?page=content&id=KB67513
As far as can be determined, there has only ever been one version of this application.
Background
It is stated by McAfee:
NOTE: The attached script is only an example of how to automate the update process and is not officially supported by McAfee Technical Support.
[HSC] McAfee SecurityCenter Privacy Service HTML Execution Vulnerability
McAfee provides a proactive PC and Internet security service that helps you avoid
online attacks and protects what you value from hackers, identity thieves and other
online criminals.
A HTML execution vulnerability may allow an attacker to execute HTML scripts on
the system under the context of the user. These scripts can perform any action that the
user would. The flaw lies in the processing of filtering that is saved after exiting.
#######################################################################
Luigi Auriemma
Application: McAfee Framework
(implemented in McAfee ePolicy Orchestrator 4.0
http://www.mcafee.com/us/enterprise/products/system_security_management/epolicy_orchestrator.html)
Versions: <= 3.6.0.569
Platforms: Windows
Bug: format string in _naimcomn_Log
TPTI-11-12: McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-11-12
August 8, 2011
-- CVSS:
8.3, (AV:N/AC:M/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Class: Reflected Cross-Site Scripting (XSS)
Software Description
McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) (formerly SnapGear) is the
affected product line. More information can be found at
https://kc.mcafee.com/corporate/index?page=content&id=SB10010
<http://www.mcafee.com/us/enterprise/products/network_security/utm_firewall.html>
ZDI-11-117: McAfee Firewall Reporter GeneralUtilities.pm isValidClient Authentication Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-117
April 11, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
======================================================================
Secunia Research 31/10/2007
- McAfee E-Business Server Auth Packet Handling Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
executable (HotFix.exe).
Example of critical security services affected
* BlackICE
* McAfee
* Pointsec
* ISS Proventia
* ZoneAlarm
* Avast
* AVG
** McAfee Security Bulletin - Common Management Agent 3.6.0 format string
vulnerability with debug level set to 8 **
https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=615103&sliceId=SAL_Public
This knowledgebase article shows the following versions as vulnerable:
CMA 3.6.0.574 (Patch3) or earlier
McAfee Agent (MA) 4.0
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-1673
Wei Wang from McAfee reported a potential heap overflow in the
ASN.1 decode code that is used by the SNMP NAT and CIFS
subsystem. Exploitation of this issue may lead to arbitrary code
execution. This issue is not believed to be exploitable with the
pre-built kernel images provided by Debian, but it might be an
issue for custom images built from the Debian-provided source
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-1673
Wei Wang from McAfee reported a potential heap overflow in the
ASN.1 decode code that is used by the SNMP NAT and CIFS
subsystem. Exploitation of this issue may lead to arbitrary code
execution. This issue is not believed to be exploitable with the
pre-built kernel images provided by Debian, but it might be an
issue for custom images built from the Debian-provided source
This release fixes a denial of service vulnerability that could
allow a guest operating system to cause a host process to become
unresponsive or exit unexpectedly. (CVE-2007-4497)
Thanks to Rafal Wojtczvk of McAfee for identifying and reporting
these issues.
ESX
---
VMware ESX 3.0.1 Download Patch Bundle ESX-8258730
> [ iViZ Security Advisory 08-010 17/09/2008 ]
> -----------------------------------------------------------------------
> iViZ Techno Solutions Pvt. Ltd.
> http://www.ivizsecurity.com
> -----------------------------------------------------------------------
> * Title: McAfee SafeBoot Device Encryption
> Plain Text Password Disclosure
> * Date: 17/09/2008
> * Software: McAfee SafeBoot Device Encryption v4, Build 4750 and below
> --[ Synopsis:
> The password checking routine of SafeBoot Device Encryption fails to
This year the ICCC (www.ccdcoe.org/ICCC) takes place on 7-10 June and will focus on the topic of Generating Cyber Forces. The initial agenda (www.ccdcoe.org/ICCC/agenda.html) and registration (www.ccdcoe.org/ICCC/registration ) are now available on the ICCC website.
Key speakers include:
Dmitri Alperovich, McAfee - Towards Establishment of Cyberspace Deterrence Strategy
Jart Armin, HostExploit - Handling Botnets
Jeff Bardin, Treadstone71 - Augmenting Cyber Forces
Susan Brenner, University of Dayton - Conscription and Cyber Conflict: Legal Issues
Raoul Chiesa, United Nations - Underground of Hacking
Luc Dandurand, NATO C3 Agency - Rationale and Blueprint for a Cyber Red Team Within NATO
Please review the patch/release notes for your product and version
and verify the md5sum and/or the sha1sum of your downloaded file.
VMware Fusion 2.0.6 (for Intel-based Macs): Download including
VMware Fusion and a 12 month complimentary subscription to McAfee
VirusScan Plus 2009
md5sum: d35490aa8caa92e21339c95c77314b2f
sha1sum: 9c41985d754ac718032a47af8a3f98ea28fddb26
Andrew Blyth (University of Glamorgan, UK)
Paolo Milani Comparetti (Technical University of Vienna, Austria)
Marco Cova (University of California, Santa Barbara, USA)
Sven Dietrich (Stevens Institute of Technology, USA)
Toralv Dirro (McAfee, Germany)
Ulrich Flegel (SAP Research, Germany)
Felix Freiling (University of Mannheim, Germany)
Carrie Gates (CA Labs, USA)
Thorsten Holz (Technical University of Vienna, Austria)
Sotiris Ioannidis (FORTH-ICS, Greece)
Download Manager provides a simplified method of distributing,
downloading,and installing digitized assets via the Internet. Download
Manager is available as an ActiveX component or Java applet. The ActiveX
control persists on the user's system unless it is deleted
manually. Download Manager is used by many vendors including Microsoft,
McAfee, Symantec, Citrix and Adobe.
Over the years, browser vendors have added measures to their browsers to
prevent users from running unwanted software. Download managers on the
other hand have not adopted these measures as they generally want to
make this task as easy as possible for end users. The process of
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Rafal Wojtczuk of McAfee AVERT Research found that e2fsprogs contained
multiple integer overflows in memory allocations, based on sizes
taken directly from filesystem information. These flaws could result
in heap-based overflows potentially allowing for the execution of
arbitrary code.
Andrew Blyth (University of Glamorgan, UK)
Paolo Milani Comparetti (Technical University of Vienna, Austria)
Marco Cova (University of California, Santa Barbara, USA)
Sven Dietrich (Stevens Institute of Technology, USA)
Toralv Dirro (McAfee, Germany)
Ulrich Flegel (SAP Research, Germany)
Felix Freiling (University of Mannheim, Germany)
Carrie Gates (CA Labs, USA)
Thorsten Holz (Technical University of Vienna, Austria)
Sotiris Ioannidis (FORTH-ICS, Greece)
* F-Secure Internet Security 2010 10.00 build 246
* G DATA TotalCare 2010
* Kaspersky Internet Security 2010 9.0.0.736
* KingSoft Personal Firewall 9 Plus 2009.05.07.70
* Malware Defender 2.6.0
* McAfee Total Protection 2010 10.0.580
* Norman Security Suite PRO 8.0
* Norton Internet Security 2010 17.5.0.127
* Online Armor Premium 4.0.0.35
* Online Solutions Security Suite 1.5.14905.0
* Outpost Security Suite Pro 6.7.3.3063.452.0726
Next Page>>
|
