注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

网路游侠

www.youxia.org

 
 
 

日志

 
 

4510e版及之前的mcafee virusscan可导致linux被攻击  

2006-12-19 23:51:16|  分类: 07 黑客安全 |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |

    原文见:http://linux.chinaunix.net/news/2006-12-18/3488.shtml,标题修改了下,因为感觉那个(Linux命令行杀毒软件被爆致命漏洞)太……弱智了。

    是个针对VirusScan command Line Scanner Antivirus的溢出,可被远程骇客执行恶意代码,并且“This is very easy to exploit”。只不过没有这个code,网上用McAfee VirusScan的服务器实在是太多了,要是……嘿嘿

    日前,一位安全研究人员在McAfee的Linux杀毒软件中发行了一个漏洞,该漏洞可以使得远程攻击者执行恶意代码。

  受该漏洞影响的McAfee VirusScan版本有包含4510e在内的所有以前版本。

  A security researcher has discovered a vulnerability in McAfee's VirusScan Command Line Scanner antivirus software that could enable remote attackers to execute malicious code.

  The flaw affects VirusScan versions 4510e and older and is caused by a glitch in an embedded DT_RPATH tag, which instructs the software to search the working directory for shared library files in Linux.

  An attacker could exploit the flaw by getting a user to run a scan on a rigged file in the directory where they saved it, which would allow the execution of malicious code on the system with user privileges, according to Jakub Moc, a security researcher with Gentoo Linux, who was credited with discovering the vulnerability.

  "This is very easy to exploit, and if VirusScan is used in a mail scanner on a mail server, just sending someone an e-mail with an attachment with the right name would execute it," Moc said.

  Gentoo Linux rated the severity of the threat as "high," or 3 on a 3-point scale, and Symantec Deepsight gave it an aggregate threat score of 7.8 out of 10. However, the French Security Incident Research Team rated the flaw as "moderate," or 2 on a 4-point scale.

  McAfee said it's working around the clock to patch the vulnerability but doesn't consider it to be serious.

  In a Thursday post to the Full Disclosure security mailing list, David Coffey, manager of product security at Santa Clara, Calif.-based McAfee, said the privilege of the executed code isn't raised from the privileges of the executing user, which means an attacker would have to compromise the machine through another mechanism to place the malicious library on the system.

  Coffey also chided Gentoo Linux for posting detailed information on the VirusScan flaw less than nine hours after it alerted McAfee.

  "It is disappointing that the finder did not follow responsible disclosure processes so that we could alert our customers and make sure they were protected accordingly," he said. "Instead, the finder published the vulnerability before we could issue a fix to secure our users."

原文链接:http://www.crn.com/sections/vista/vista.jhtml?articleId=196700159

  评论这张
 
阅读(81)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2017