Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)
From: "Kenneth Ng" <kenneth.d.ng () gmail com>
Date: Fri, 26 Sep 2008 13:23:46 -0400

Does anyone know how to check the build version number on the agent?
Or is there a comparison with that build number and a x.y.z version
id?

On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories
<advisories () iviztechnosolutions com> wrote:
-----------------------------------------------------------------------
[ iViZ Security Advisory 08-010                            17/09/2008 ]
-----------------------------------------------------------------------
iViZ Techno Solutions Pvt. Ltd.
                                            http://www.ivizsecurity.com
-----------------------------------------------------------------------
* Title:     McAfee SafeBoot Device Encryption
             Plain Text Password Disclosure
* Date:      17/09/2008
* Software:  McAfee SafeBoot Device Encryption v4, Build 4750 and below
--[ Synopsis:
    The password checking routine of SafeBoot Device Encryption fails to
    sanitize the BIOS keyboard buffer after reading passwords, resulting
    in plain text password leakage to unprivileged local users.
--[ Affected Software:
  * SafeBoot Device Encryption v4, Build 4750 and below
--[ Non Affected Software:
  * SafeBoot Device Encryption v4, Build 4760 and above
  * SafeBoot Device Encryption v5.x
--[ Technical description:
[edit]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]