Vulnerability Note VU#190267
McAfee ASaP VirusScan service does not adequately validate input
A vulnerability exists in McAfee ASaP VirusScan that permits intruders to access files outside of the web root.
Quoting from the McAfee ASaP VirusScan FAQ, McAfee ASaP VirusScan is "a web-based, managed and updated anti-virus service for the entire desktop environment." McAfee ASaP VirusScan allows hosts to share virus definitions, eliminating the need for all of the hosts to update their virus signature software from one central location. In order to make this possible, each host running this software also runs a lightweight http server that listens on 6515/TCP. Because of a vulnerability that exists in this HTTP server, a malicious user can connect to 6515/TCP and traverse the host file system to access any file on the system. For example:
HTTP://<Target IP Address>:6515/.../.../.../.../winnt/repair
A malicious user can connect to 6515/TCP and traverse the host file system, thus viewing any file on the target host with the privileges of the HTTP server, typically SYSTEM.
NAI has patched this vulnerability. The patch will be automatically disseminated to all affected hosts. Quoting from an NAI announcement regarding this vulnerability:
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Network Associates||Affected||28 Jun 2001||09 Aug 2001|
CVSS Metrics (Learn More)
This vulnerability was discovered by Aiden ORawe < email@example.com > and reported to the CERT Coordination Center.
This document was written by Ian A. Finlay
- CVE IDs: CVE-2001-1144
- Date Public: 11 Jul 2001
- Date First Published: 09 Aug 2001
- Date Last Updated: 14 Apr 2003
- Severity Metric: 30.60
- Document Revision: 44
If you have feedback, comments, or additional information about this vulnerability, please send us email.