Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)
- From: "Kenneth Ng" <kenneth.d.ng@xxxxxxxxx>
- Date: Fri, 26 Sep 2008 13:23:46 -0400
Does anyone know how to check the build version number on the agent?
Or is there a comparison with that build number and a x.y.z version
id?
On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories
<advisories@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
-----------------------------------------------------------------------[edit]
[ iViZ Security Advisory 08-010 17/09/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
http://www.ivizsecurity.com
-----------------------------------------------------------------------
* Title: McAfee SafeBoot Device Encryption
Plain Text Password Disclosure
* Date: 17/09/2008
* Software: McAfee SafeBoot Device Encryption v4, Build 4750 and below
--[ Synopsis:
The password checking routine of SafeBoot Device Encryption fails to
sanitize the BIOS keyboard buffer after reading passwords, resulting
in plain text password leakage to unprivileged local users.
--[ Affected Software:
* SafeBoot Device Encryption v4, Build 4750 and below
--[ Non Affected Software:
* SafeBoot Device Encryption v4, Build 4760 and above
* SafeBoot Device Encryption v5.x
--[ Technical description:
- Prev by Date: Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)
- Next by Date: FtitzBox
- Previous by thread: Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)
- Next by thread: FtitzBox
- Index(es):
Relevant Pages
|
