McAfee Products Security Bypass Vulnerability (Linux) Network Vulnerability

Summary

This host is installed with McAfee products and are prone to Security Bypass vulnerability.

Impact

Successful exploitation will allow attackers to bypass the anti-virus scanning and distribute files containing malicious code that the antivirus application will fail to detect. Impact Level: System/Application

Solution

Updates are available through DAT files 5600 or later http://www.mcafee.com/apps/downloads/security_updates/dat.asp

Insight

Error in AV Engine fails to handle specially crafted packets via, - an invalid Headflags and Packsize fields in a malformed RAR archive. - an invalid Filelength field in a malformed ZIP archive.

Affected

McAfee VirusScan Command Line McAfee VirusScan Enterprise Linux McAfee software that uses DAT files prior to 5600 on Linux

References

http://blog.zoller.lu/2009/04/case-for-av-bypassesevasions.html
http://blog.zoller.lu/2009/04/mcafee-multiple-bypassesevasions-ziprar.html
http://secunia.com/advisories/34949
https://kc.mcafee.com/corporate/index?page=content&id=SB10001&actp=LIST_RECENT

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1348

CVSS	Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C

Related Vulnerabilities

7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Mac OS X)
Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
Adobe AIR Multiple Vulnerabilities-01 Sep14 (Windows)
Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)

Take action and discover your vulnerabilities