McAfee VirusScan Enterprise for Linux authentication token brute force

Added: 12/23/2016
CVE: CVE-2016-8023
BID: 94823

Background

McAfee VirusScan Enterprise for Linux is real-time anti-malware software for Linux.

Problem

McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the ability to brute-force authentication tokens, a file write vulnerability using a malicious update server, and an authenticated file execution vulnerability.

Resolution

Apply the fix referenced in McAfee Security Bulletin SB10181.

References

https://nation.state.actor/mcafee.html
http://news.softpedia.com/news/vulnerabilities-found-in-linux-security-software-can-give-hackers-root-access-510936.shtml

Limitations

The exploit works on McAfee VirusScan Enterprise for Linux 1.9.2 through 2.0.2. Because it relies on a brute-force attack, it may take some time to run.

Platforms

Linux
