[NT]McAfee SafeBoot Device Encryption Plain Text Password Disclosure
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 4 Oct 2008 18:21:00 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
McAfee SafeBoot Device Encryption Plain Text Password Disclosure
The password checking routine of SafeBoot Device Encryption fails to
sanitize the BIOS keyboard buffer after reading passwords, resulting in
plain text password leakage to unprivileged local users.
* SafeBoot Device Encryption version 4 Build 4750 and below
* SafeBoot Device Encryption version 4 Build 4760 and above
* SafeBoot Device Encryption version 5.x
SafeBoot's pre-boot authentication routines use the BIOS API to read user
input via the keyboard. The BIOS internally copies the keystrokes in a RAM
structure called the BIOS Keyboard buffer inside the BIOS Data Area. This
buffer is not flushed after use, resulting in potential plain text
password leakage once the OS is fully booted, assuming the attacker can
read the password at physical memory location 0x40:0x1e.
Plain text password disclosure. Local guest access is required, but no
physical access to the machine.
"SafeBoot Device Encryption v4, Build 4750 and below are subject to this
vulnerability. Builds 4760 and above are not. Customers should upgrade to
the current version of SafeBoot Device Encryption v4, or migrate to the
current McAfee Endpoint Encryption for PC v5 platform which replaced the
earlier product in March 2007."
The information has been provided by Jonathan Brossard.
The original article can be found at:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT]InstallShield Update Agent "Rule Script" Code Execution Vulnerability
- Next by Date: [NT]G DATA AntiVirus/InternetSecurity/TotalCare 2008 GDTdiIcpt.sys Memory Corruption Vulnerability
- Previous by thread: [NT]InstallShield Update Agent "Rule Script" Code Execution Vulnerability
- Next by thread: [NT]G DATA AntiVirus/InternetSecurity/TotalCare 2008 GDTdiIcpt.sys Memory Corruption Vulnerability