Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)



Does anyone know how to check the build version number on the agent?
Or is there a comparison with that build number and a x.y.z version
id?

On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories
<advisories@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
-----------------------------------------------------------------------
[ iViZ Security Advisory 08-010 17/09/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------
* Title: McAfee SafeBoot Device Encryption
Plain Text Password Disclosure
* Date: 17/09/2008
* Software: McAfee SafeBoot Device Encryption v4, Build 4750 and below
--[ Synopsis:
The password checking routine of SafeBoot Device Encryption fails to
sanitize the BIOS keyboard buffer after reading passwords, resulting
in plain text password leakage to unprivileged local users.
--[ Affected Software:
* SafeBoot Device Encryption v4, Build 4750 and below
--[ Non Affected Software:
* SafeBoot Device Encryption v4, Build 4760 and above
* SafeBoot Device Encryption v5.x
--[ Technical description:
[edit]



Relevant Pages