Network Associates Information for VU#190267

McAfee ASaP VirusScan service does not adequately validate input

Status

Affected

Vendor Statement

Please see http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1558

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

-----BEGIN PGP SIGNED MESSAGE-----

McAfee would like to advise NT Bugraq readers of the release of a fix for the vulnerability:

McAfee has taken action to address the vulnerability discovered in the VirusScan ASaP agent technology, which affected all users of VirusScan ASaP. McAfee has distributed the fix to all McAfee ASaP update sites for automatic distribution to end users. The fix will be downloaded and applied to end user systems in the normal course of updating that VirusScan ASaP performs each day. Any VirusScan ASaP agents that have performed an update since 03:30 Greenwich Mean Time on July 14, 2001 will have applied the fix.

Users who wish to manually initiate an update can do so by double clicking on the VirusScan ASaP system tray icon. Users who have questions about this procedure or experience other issues should contact McAfee technical support through standard channels.

McAfee has received no reports of security breaches at customer sites as a result of this vulnerability.

Stephanie Sparck Manager of Channel Marketing Network Associates __________________________________________

-----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4

iQCVAwUBO1NIik+RBmuavn3GAQEYLgQAsINJ7edmzIbXD8X+DJvaSwbybuXZ5QJg BKH+g/F6E1nFJSknzeAyScpP5HjKR6zDswdiwD/6O9HT1skaFZoDT5vG2md//tiM Ln2zZPBTWrA7jThhLNQ8wNZG8+O3eygIPnKA3wTBB+GX28QCuTzRWJGAV0wtRyuV H/96Jm/PM7w= =+8iL -----END PGP SIGNATURE-----

If you have feedback, comments, or additional information about this vulnerability, please send us email.