Dailydave mailing list archives
Rsiky business
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 12 May 2004 07:44:13 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 So a couple days ago ISS's Ben Layer announced another bug in McAffee's Enterprise Virus Management package (ePO). http://xforce.iss.net/xforce/alerts/id/173 . I remember when I published the Enterprise Application Security paper that NAI was mighty bothered by my draft's saying "ePO has a patchy security history". But at this point, three different people (Andreas Junestam, myself, and Ben) have bothered to look at it, and they've all found a serious remote root. At what point is the program declaired a high risk program to run on every machine in your enterprise? If you're a CISO and you're not thinking about that, you've been promoted to your level of incompetence <http://dictionary.reference.com/search?r=2&q=incompetence>! It's unlikely to be the last bug in ePO, in my opinion. During my brief binary analysis I remember some wacky things I didn't even bother to look into. As some of you with Outlook know, today is my birthday! I'm 28, in case you're wondering. I think I still have another couple years in me before I'm considered useless for technical work. So, uh, get your copy of CANVAS now. I'm going to throw in the Mdeamon bug today, which had been in the Immunity Vulnerability Sharing Club. Oddly, last night I was thinking of including it as a present to customers, but I notice Ned has released it as an advisory today by converting the SPIKE IMAP script to SMUDGE. Dave Aitel Immunity, Inc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAog4NzOrqAtg8JS8RAgQDAJ9JhKqivTR4plM5YjRcxOqr9i5NZQCg9cvR 7aHhu0BYAQ1RLs07ozx4C2Y= =eAW0 -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Rsiky business Dave Aitel (May 12)
- Re: Rsiky business ned (May 12)