Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Researcher Uncovers McAfee Linux VirusScan Flaw: Page 2 of 2

McAfee said it's working around the clock to patch the vulnerability but doesn't consider it to be serious.

In a Thursday post to the Full Disclosure security mailing list, David Coffey, manager of product security at Santa Clara, Calif.-based McAfee, said the privilege of the executed code isn't raised from the privileges of the executing user, which means an attacker would have to compromise the machine through another mechanism to place the malicious library on the system.

Coffey also chided Gentoo Linux for posting detailed information on the VirusScan flaw less than nine hours after it alerted McAfee.

"It is disappointing that the finder did not follow responsible disclosure processes so that we could alert our customers and make sure they were protected accordingly," he said. "Instead, the finder published the vulnerability before we could issue a fix to secure our users."