McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise

mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee’s VirusScan Enterprise for Linux that when chained together result in root remote code execution. McAfee took six months to fix the bugs issuing a patch December 9th.

Citing the security note, CSO adds that “one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8.” The vulnerability was reported by Andrew Fasano at MIT’s federally-funded security lab, who said he targeted McAfee’s client because “it runs as root, it claims to make your machine more secure, it’s not particularly popular, and it looks like it hasn’t been updated in a long time.”

Read more of this story at Slashdot.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.