An authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and previous versions) allows a remote unauthenticated malicious user to bypass server authentication via a crafted authentication cookie.
Vulnerable Product |
---|
mcafee virusscan enterprise |
This one ticks all the boxes: Runs as root ✔ Claims security ✔ Unpopular product with few updates ✔
McAfee has taken six months to patch 10 critical vulnerabilities in its VirusScan Enterprise Linux client. These were nasty bugs: when chained, they resulted in remote code execution as root. Andrew Fasano, security researcher with MIT Lincoln Laboratory, says attackers can chain the flaws to compromise McAfee Linux clients by spinning up malicious update servers. "At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers l...