McAfee Virex fails to properly authenticate the source of updates

2007-02-15T00:00:00
ID VU:345233
Type cert
Reporter CERT
Modified 2007-02-16T00:00:00

Description

Overview

McAfee Virex automatic updates may not properly authenticate the source of updates. This may allow a remote attacker to execute arbitrary commands on a vulnerable system.

Description

McAfee Virex is anti-virus software for the Mac OS X platform. McAfee Virex 7 for Mac OS X connects to a remote FTP server to retrieve updates. However, Virex fails to properly authenticate the server or the contents of the retrieved updates. This may allow a remote attacker to spoof the update server and its contents, allowing that attacker to download and execute arbitrary commands on a Virex client system.


Impact

A remote attacker can execute arbitrary commands.


Solution

Apply a patch from McAfee Virex

A patch to address this issue is available by visiting the McAfee SecurityCenter and clicking the update button.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
McAfee| | 01 Dec 2005| 28 Aug 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://prisms.cs.umass.edu/~kevinfu/papers/secureupdates-hotsec06.pdf>

Credit

Thanks to Anthony Bellissimo, John Burgess, and Kevin Fu for reporting this vulnerability.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 31 Jul 2006
  • Date First Published: 15 Feb 2007
  • Date Last Updated: 16 Feb 2007
  • Severity Metric: 0.11
  • Document Revision: 27