Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Researcher Uncovers McAfee Linux VirusScan Flaw

A security researcher has discovered a vulnerability in McAfee's VirusScan Command Line Scanner antivirus software that could enable remote attackers to execute malicious code.

The flaw affects VirusScan versions 4510e and older and is caused by a glitch in an embedded DT_RPATH tag, which instructs the software to search the working directory for shared library files in Linux.

An attacker could exploit the flaw by getting a user to run a scan on a rigged file in the directory where they saved it, which would allow the execution of malicious code on the system with user privileges, according to Jakub Moc, a security researcher with Gentoo Linux, who was credited with discovering the vulnerability.

"This is very easy to exploit, and if VirusScan is used in a mail scanner on a mail server, just sending someone an e-mail with an attachment with the right name would execute it," Moc said.

Gentoo Linux rated the severity of the threat as "high," or 3 on a 3-point scale, and Symantec Deepsight gave it an aggregate threat score of 7.8 out of 10. However, the French Security Incident Research Team rated the flaw as "moderate," or 2 on a 4-point scale.

  • 1