Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

mcaffee.mycio.traversal.txt

🗓️ 12 Jul 2001 00:00:00Reported by Ade245Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

High risk directory traversal vulnerability in McAfee ASaP VirusScan allows unauthorized file access.

Show more
Code
`----- Begin Hush Signed Message from [email protected] -----  
  
-=[ SECURITY ADVISORY ]=-   
  
  
  
McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty  
  
  
  
Date: 28 June 2001  
  
Impact: HIGH  
  
Affected: Any machine running the McAfee Agent ASaP VirusScan Software  
  
Tested on: NT Workstation 4.0, 2000 Professional   
  
  
Overview  
--------  
  
McAfee ASap Virusscan is a Web-based, managed and updated Anti-Virus Service   
for the Desktop Environment. On setup agent software is installed on the   
client machine. This software incorporates what is known as "Rumour Technology"   
that facilitates in the transfer of virus definitions between neigbouring   
machines. This agent software runs as a service ("McAfee Agent") under   
the local system account and uses a light weight HTTP server that listens   
on port 6515.   
  
  
Description   
-----------  
  
This web server is restricted to serve files that are located under \winnt\mycio\agent\rmrcache   
, however it is possible to break out of this by using a specially formatted   
directory traversal URL. This means that an attacker can connect to the   
webserver and view and/or download any file that resides on the target box.   
Due to the fact that the service is running as local system NTFS permissions   
are redundant.  
  
  
Example  
-------  
  
To view the contents of WinNT/Repair enter the following URL into a web   
browser:  
  
  
HTTP://<Target IP Address>:6515/.../.../.../.../winnt/repair  
  
  
  
Workaround  
----------  
  
Disable the McAfee Agent service or alternatively run it under a local user   
account and set the NTFS permissions accordingly.  
  
  
Notes  
-----  
  
McAfee where notified of this issue 28-June-2001  
  
  
  
  
  
----- Begin Hush Signature v1.3 -----  
CqnHbxr849s+SIAlsEWQMkOyxzMYI0IxAT3Iu/barfSw92Cf5YKbosXkv8qdeNDKSUkS  
2R69rXhvAaDngmcreEcOvFZRrGQ1EWyQdczKYceg4sphiNwhRYYqbYWYPkhJyfMP4+Be  
MmfYg4runAF62i8PCzSqUgnQMAuFG3bWb4XFFwDbGIwREX7OIc6KFc3Xd7Cc3+k4VVgs  
/LUxchUhlKhWUDyCKbI76dfGyXW9+ulLKyjj8LwMaiq5iq6w3pqlkF12T/b4B9B3FCOW  
vLxjUlfS9H4si80WA4acwzpe+g0y6ffe7H4nQqcd6bJbQkwzjL3vQH/eNAVFvnEYQCxZ  
WVS7CubjbQGHWFclZBDfSHl2QOC+u9dC+fM17T6NZnoIIEwOpe6U5eQLGw16hyJY2G/9  
LlQAsYIQ5k8g6Ox5Of6lv8LLXmq4ZEqI0Gd8Bs7cy4WYttsYkyIAMyB0tGYoAIMKL0oo  
7VYt05ecR7XDHOvXUAaLeKjOBYXl6a3+A73roR84lH/A  
----- End Hush Signature v1.3 -----  
  
  
This message has been signed with a Hush Digital Signature.   
To verify the signature, please go to www.hush.com/tools  
  
  
Free, encrypted, secure Web-based email at www.hushmail.com  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
12 Jul 2001 00:00Current
7.4High risk
Vulners AI Score7.4
mcafee asap virusscandirectory traversal vulnerabilityunauthorized file accesshigh impactworkaround solutions.
24
.json
Report