McAfee VirusScan Enterprise for Linux Security Flaws Gives Attackers Root Access

Advertisement
By Sanket Vijayasarathy | Updated: 13 December 2016 17:36 IST

McAfee has patched 10 critical vulnerabilities in its VirusScan Enterprise for Linux, reportedly six months after they were disclosed. According to security researcher Andrew Fasano from MIT Lincoln Laboratory, the vulnerabilities when chained could result in the execution of the code remotely as a root user.

"At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time," the security advisory reads. "When I noticed all these, I decided to take a look."

Advertisement

Fasano said that attackers could chain the flaws to compromise VirusScan Enterprise for Linux by running malicious update servers. The malicious script after chaining the vulnerabilities is then run by the root user on the victim machine.

The vulnerabilities have been found present from at least version 1.9.2 through version 2.0.2, which was released in April 2016.

Advertisement

Fasano originally reported the vulnerabilities in June through the US computer emergency response team clearing house which passed on the information to McAfee. The security company in return asked for a six month non-disclosure extension until December. The company made no contact after July and was informed on December 5 that the report would be published on December 12.

McAfee on December 9 published the reports of the vulnerabilities, four days ahead of Fasano's report.

Advertisement

Fasano detailed the process which requires four of the 10 vulnerabilities to complete the exploit. The first pair, CVE-2016-8016 and CVE-2016-8017 allows an authentication token to be brute-forced and used to connect with McAfee Linux clients.

The attackers then use another flaw CVE-2016-8021 to force the target to create a malicious script. A request is then sent to authenticate the start of virus scan but which will execute the malicious script instead using CVE-2016-8020 and CVE-2016-8021. With these flaws combined, the attackers malicious script is run as root on the victim's machine.

Advertisement

In addition to this, Fasano found six more bugs which include an authenticated SQL injection, CVE-2016-8025, HTTP response splitting (CVE-2016-8024), cross-site scripting (CVE-2016-8019), cross-site request forgery tokens (CVE-2016-8018) and a remote unauthenticated file read and existence test (CVE-2016-8016, CVE-2016-8017).

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Apple Back to School Sale: Grab These Deals on MacBook, iPad Models
  2. Oppo, OnePlus Could Equip New Phones With a 10,000mAh Battery
  3. Samsung Launches Music Studio Series Wi-Fi Speakers in India
  4. Samsung Galaxy Z Fold 8's 'New Shape' Appears in a New Spider-Man Video
  5. OnePlus Phones Will Soon Run on ColorOS 17 Instead of OxygenOS
  6. Nubia NaviX Ultra Design, Colourways Unveiled Ahead of July 17 Launch
  7. Vivo T5 Lite 5G With a 6,500mAh Battery Debuts in India at This Price
  8. Realme Could Replace Realme UI With ColorOS 17 in India
  9. WhatsApp Reportedly Rolls Out Mic Mode Controls for iPhone Calls
  1. Samsung Music Studio 5, Music Studio 7 Wi-Fi Speakers Launched in India
  2. Ostium Suspends Trading Following Oracle Security Incident Drains Millions
  3. Oppo’s New A Series, Upcoming OnePlus Mid-Range Smartphones Tipped to Launch With 10,000mAh Batteries
  4. WhatsApp Reportedly Rolls Out Mic Mode Controls for iPhone Calls
  5. Former Rockstar Games Developer Explains Why GTA 6 Maker Launches Games on PC After Consoles
  6. Samsung Galaxy Tab S12 Ultra CAD Renders Leaked Online; Reveals Familiar Look
  7. Apple Back to School Sale Now Live in India, Bringing Offers on MacBook Air, iPad Pro and More
  8. Realme Could Replace Realme UI With ColorOS 17 in India: Report
  9. Nubia NaviX Ultra Design, Colour Options Unveiled Ahead of July 17 Launch
  10. Lenovo Legion Y700 Infinite Chipset Details Teased Officially; Key Specifications Tipped Online
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.