Check Point Advisories

Mcafee FreeScan Information Disclosure and Application Denial of Service (CVE-2004-1908)

Check Point Reference: CPAI-2004-136
Date Published: 1 Nov 2009
Severity: Medium
Last Updated: Wednesday 19 November, 2014
Source:
Industry Reference:CVE-2004-1908
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description A design flaw within the virus scanning software is the cause of the information disclosure vulnerability. To properly scan remote targets, the installed software must receive file system information from the remote machine. A Malicious usage of the CoMcFreeScan class, can cause paths for various system and user directories to be obtained. Two vulnerabilities exist in a component of the McAfee's FreeScan service, on systems that have used McAfee's online virus scanning tool FreeScan. An information disclosure vulnerability exists that may allow remote attackers to gain file-system information and can be used to obtain the user-name being used. A second vulnerability allows attackers to cause applications to terminate. After triggering of the information disclosure vulnerability, file-system paths of the victim's computer may be transmitted to a malicious host through an HTTP request. After triggering of the application termination vulnerability, the Internet Explorer process on the victim's host, executing the malicious script embedded in a web page, will terminate.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the Mcafee FreeScan Information Disclosure and Application Denial of Service protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Security Products Enforcement Violation.
Attack Information:  Mcafee FreeScan information disclosure and application denial of service

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK