Ten flaws found in McAfee VirusScan Enterprise by researcher
Firm patched vulnerabilities after researcher threatened to go public
Intel's McAfee VirusScan Enterprise product had as many as 10 security vulnerabilities that allowed code to be executed remotely as the root user. That was the case before a researcher from MIT notified the company.
"At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time," said Andrew Fasano from MIT Lincoln Laboratory in a blog. "When I noticed all these, I decided to take a look."
On investigation, Fasano found 10 possible vulnerable points in the software. He spoke to McAfee before publishing his findings, but only managed to elicit a response when he gave the organisation a week's deadline before he would go public.
According to Fasano, the issues are systemic, bound up with the way that the system works.
"The webserver is essentially a UI on top of the scanner service. When a user makes a request to the webserver, the request is reformatted, sent to the root service and then the user is shown the response rendered in an html template," he added.
"The web interface doesn't do much to limit what data a malicious user can send to the root service."
Intel McAfee issued fixes for the VirusScan issues last Friday, and a blog post from the firm went live this week.
"VSEL 2.0.3 (and earlier) is vulnerable to the following published security vulnerabilities. The ENSL 10.2 release resolves the following vulnerabilities. Intel Security highly recommends that all customers upgrade from VSEL to ENSL," said the firm.
"Intel Security credits Andrew Fasano who reported these issues to CERT."