Linux Security Software Vulnerabilities Can Give Hackers to Root Access
McAfee Vulnerability scanner Linux Enterprise found Remote code execution flaws which could allow an attacker to obtain root privileges, and a security researcher says that it’s all possible by simply tricking the app to use malicious update servers.
Andrew Fasano from MIT Lincoln Laboratory said in a post that he first discovered the vulnerabilities in McAfee’s solution nearly six months ago, but the security company patched them only earlier this month.
“At a first glance, Intel’s McAfee vulnerability scanner “Virus-Scan Enterprise” for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it’s not particularly popular, and it looks like it hasn’t been updated in a long time,” he explained.
“10 different vulnerabilities, 4 from which lead to privilege escalation”
There are 10 different vulnerabilities in McAfee’s Linux security solution, but the researcher says that only 4 of them are required to successfully breach a Linux system.
The first two flaws, which are known as CVE-2016-8016 and CVE-2016-8017 (Remote Unauthenticated File Existence Test and Remote Unauthenticated File Read with Constraints) make it possible for hackers to compromise the authentication token used by McAfee’s Virus-Scan Enterprise and run malicious update servers on Linux machines.
The script that would eventually help obtain root privileges is deployed with the help of CVE-2016-8021 (Web Interface Allows Arbitrary File Write to Known Location). When combined with CVE-2016-8020 (Authenticated Remote Code Execution & Privilege Escalation), an attacker can obtain a privilege escalation flaw, the researcher notes.
Using CSRF or XSS, it would be possible to use these vulnerabilities to remotely privesc to root,” he explains. All these vulnerabilities have already been confirmed in version 1.9.2 to 2.0.2, so all Linux systems are recommended to update to the latest release that McAfee shipped this month. So Hackers can easily root through vulnerability-scanner-linux-bug.
If you like this article, Feel free to share your thoughts in the comments section.