Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)

["Kenneth Ng" <kenneth.d.ng () gmail com>]

Does anyone know how to check the build version number on the agent?
Or is there a comparison with that build number and a x.y.z version
id?

On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories
<advisories () iviztechnosolutions com> wrote:
> -----------------------------------------------------------------------
> [ iViZ Security Advisory 08-010                            17/09/2008 ]
> -----------------------------------------------------------------------
> iViZ Techno Solutions Pvt. Ltd.
>                                             http://www.ivizsecurity.com
> -----------------------------------------------------------------------
> * Title:     McAfee SafeBoot Device Encryption
>              Plain Text Password Disclosure
> * Date:      17/09/2008
> * Software:  McAfee SafeBoot Device Encryption v4, Build 4750 and below
> --[ Synopsis:
>     The password checking routine of SafeBoot Device Encryption fails to
>     sanitize the BIOS keyboard buffer after reading passwords, resulting
>     in plain text password leakage to unprivileged local users.
> --[ Affected Software:
>   * SafeBoot Device Encryption v4, Build 4750 and below
> --[ Non Affected Software:
>   * SafeBoot Device Encryption v4, Build 4760 and above
>   * SafeBoot Device Encryption v5.x
> --[ Technical description:
[edit]