McAfee VirusScan Enterprise Registry Permission Weakness UIP Local Password Bypass

2007-03-17T10:32:46
ID OSVDB:33800
Type osvdb
Reporter thesinoda()
Modified 2007-03-17T10:32:46

Description

Vulnerability Description

McAfee VirusScan Enterprise has been reported to contain a privilege escalation flaw that may allow a local user to gain access to the password-protected VirusScan console. The issue is triggered when the UIP value is cleared in the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection or HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion.

Additional third-party examination indicates this is not an issue: with the default security settings, the registry keys are not writable with only user permissions.
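
Whether the default permissions described above are still in place on a given host can be checked by reading the ACLs of the two keys. The following PowerShell is an added example, not part of the original entry or of any vendor tooling; the function name and the list of trusted SIDs are assumptions made for illustration.

```powershell
# Added example: list non-administrative principals with write access to the
# registry keys named in this entry. Key paths are copied verbatim from the text.
$keys = @(
    'HKLM:\SOFTWARE\McAfee\DesktopProtection',
    'HKLM:\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion'
)

# Rights that allow changing or deleting the UIP value, or rewriting the key's ACL.
$specific = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Also match GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) in raw ACEs.
$writeMask = [int]$specific -bor 0x10000000 -bor 0x40000000

# Assumption: only these well-known SIDs are expected to hold write access.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0'        # CREATOR OWNER
)

# Hypothetical helper name; not part of any McAfee or Microsoft tooling.
function Get-UnexpectedRegistryWriter {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Key not present: $p"
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        # Resolve every ACE to a SID so localized account names do not matter.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
            $sid = $rule.IdentityReference.Value
            if ($trustedSids -contains $sid) { continue }
            [pscustomobject]@{
                Key       = $p
                Sid       = $sid
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# No output means no unexpected principal can modify the keys.
Get-UnexpectedRegistryWriter -Path $keys | Format-List
```

Any row returned identifies a principal outside the trusted list that holds a write-capable right on the key, which is the condition the original report depends on.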

Solution Description

The vulnerability reported is incorrect. No solution required.

References:

Security Tracker: 1017791
Other Advisory URL: http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html
Other Advisory URL: http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0235.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0242.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-03/0252.html
CVE-2007-1538