lynchknot
March 18th, 2005, 17:31 PM
http://secunia.com/advisories/14628/
http://xforce.iss.net/xforce/alerts/id/190
Description:
ISS X-Force has reported a vulnerability in multiple McAfee products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the AV scanning engine when processing LHA archives and can be exploited to cause a buffer overflow via a specially crafted LHA file.
Successful exploitation allows execution of arbitrary code.
Solution:
The vendor recommends applying the latest .DAT files and updating to AV scanning engine version 4400.
Secunia Advisory:
Release Date: 2005-03-18
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee Active Mail Protection
McAfee Active Threat Protection
McAfee Active Virus Defense SMB Edition
McAfee Active VirusScan SMB Edition
McAfee GroupShield 6.x for Microsoft Exchange
McAfee GroupShield for Exchange 2000 5.x
McAfee GroupShield for Exchange 5.5 v4.x
McAfee GroupShield for Exchange 5.5 v5.x
McAfee GroupShield for Lotus Domino on AIX 5.x
McAfee GroupShield for Lotus Domino on Windows 5.x
McAfee GroupShield for Mail Servers with ePO
McAfee LinuxShield 1.x
McAfee Managed VirusScan
McAfee Netshield for Netware 4.x
McAfee PortalShield for Microsoft SharePoint
McAfee SecurityShield for Microsoft ISA Server
McAfee Virex
McAfee VirusScan 4.x
McAfee VirusScan 8.x/2004
McAfee VirusScan 9.x/2005
McAfee VirusScan Command Line
McAfee VirusScan Enterprise 8.x
McAfee VirusScan NetApp
McAfee VirusScan Professional 7.x
McAfee WebShield SMTP 4.x
http://xforce.iss.net/xforce/alerts/id/190
Description:
ISS X-Force has reported a vulnerability in multiple McAfee products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the AV scanning engine when processing LHA archives and can be exploited to cause a buffer overflow via a specially crafted LHA file.
Successful exploitation allows execution of arbitrary code.
Solution:
The vendor recommends applying the latest .DAT files and updating to AV scanning engine version 4400.
Secunia Advisory:
Release Date: 2005-03-18
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee Active Mail Protection
McAfee Active Threat Protection
McAfee Active Virus Defense SMB Edition
McAfee Active VirusScan SMB Edition
McAfee GroupShield 6.x for Microsoft Exchange
McAfee GroupShield for Exchange 2000 5.x
McAfee GroupShield for Exchange 5.5 v4.x
McAfee GroupShield for Exchange 5.5 v5.x
McAfee GroupShield for Lotus Domino on AIX 5.x
McAfee GroupShield for Lotus Domino on Windows 5.x
McAfee GroupShield for Mail Servers with ePO
McAfee LinuxShield 1.x
McAfee Managed VirusScan
McAfee Netshield for Netware 4.x
McAfee PortalShield for Microsoft SharePoint
McAfee SecurityShield for Microsoft ISA Server
McAfee Virex
McAfee VirusScan 4.x
McAfee VirusScan 8.x/2004
McAfee VirusScan 9.x/2005
McAfee VirusScan Command Line
McAfee VirusScan Enterprise 8.x
McAfee VirusScan NetApp
McAfee VirusScan Professional 7.x
McAfee WebShield SMTP 4.x