[Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
Jimby Sharp
jimbysharp at hotmail.com
Thu Aug 16 06:22:19 BST 2007
Security comes into play here because a user can create a malicious play that would overflow the virus scan. Consequently the user can execute code with the privileges of the user running virus scan. Thus, it is a local privilege escalation scenario.
----------------------------------------
> Date: Wed, 15 Aug 2007 18:53:18 +0200
> From: monikerd at gmail.com
> To: joey.mengele at hushmail.com
> CC: sebastian at wolfgarten.com; full-disclosure at lists.grok.org.uk; bugtraq at securityfocus.com
> Subject: Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
>
> Joey Mengele wrote:
> > Where does security come into play here? This is a local crash in a
> > non setuid binary. I would like to hear your remote exploitation
> > scenario. Or perhaps your local privilege escalation scenario?
> >
> > J
> >
_________________________________________________________________
With Windows Live Hotmail, you can personalize your inbox with your favorite color.
www.windowslive-hotmail.com/learnmore/personalize.html?locale=en-us&ocid=TXT_TAGLM_HMWL_reten_addcolor_0607
Full-Disclosure is hosted and sponsored by Secunia.