RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx, vulnwatch@xxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security Suite 2005 Insecure File Permission Vulnerability
From: "Boyce, Nick" <nick.boyce@xxxxxxx>
Date: Wed, 20 Apr 2005 18:02:12 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hmmm ...

[Section VI. Vendor Response]

    "This issue affects an extremely small subset of the McAfee 
    Internet Security Suite 2005 user base as the vast majority 
    of home users do not use non-Administrator Windows accounts"

    "McAfee's key priority is the security of our customers."

If McAfee believes the correct functioning of its product depends on the
first statement being true, then the second statement doesn't seem to quite
fit.

Nick Boyce
EDS, Bristol, UK

Prev by Date: ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412)
Next by Date: Multiple eGroupware Vulnerabilities
Previous by thread: ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412)
Next by thread: Multiple eGroupware Vulnerabilities
Index(es):
- Date
- Thread