McAfee VirusScan Enterprise for Linux authentication token brute force
Added: 12/23/2016CVE: CVE-2016-8023
BID: 94823
Background
McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux.Problem
McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the ability to brute-force authentication tokens, a file write vulnerability using a malicious update server, and an authenticated file execution vulnerability.Resolution
Apply the fix referenced in McAfee Security Bulletin SB10181.References
https://nation.state.actor/mcafee.htmlhttp://news.softpedia.com/news/vulnerabilities-found-in-linux-security-software-can-give-hackers-root-access-510936.shtml
Limitations
Exploit works on McAfee VirusScan Enterprise for Linux 1.9.2 through 2.0.2. Since this exploit uses a brute-force attack it may take some time to run.Platforms
LinuxBack to exploit index