[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow



Security comes into play here because a user can create a malicious play that 
would overflow the virus scan. Consequently the user can execute code with the 
privileges of the user running virus scan. Thus, it is a local privilege 
escalation scenario. 

----------------------------------------
> Date: Wed, 15 Aug 2007 18:53:18 +0200
> From: monikerd@xxxxxxxxx
> To: joey.mengele@xxxxxxxxxxxx
> CC: sebastian@xxxxxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx; 
> bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 
> Local Buffer Overflow
> 
> Joey Mengele wrote:
> > Where does security come into play here? This is a local crash in a 
> > non setuid binary. I would like to hear your remote exploitation 
> > scenario. Or perhaps your local privilege escalation scenario?
> >
> > J
> >

_________________________________________________________________
With Windows Live Hotmail, you can personalize your inbox with your favorite 
color.
www.windowslive-hotmail.com/learnmore/personalize.html?locale=en-us&ocid=TXT_TAGLM_HMWL_reten_addcolor_0607
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/