Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)

To: "iViZ Security Advisories" <advisories@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [IVIZ-08-010] McAfee SafeBoot Device Encryption Plain Text Password Disclosure (v4, Build 4750 and below)
From: "Kenneth Ng" <kenneth.d.ng@xxxxxxxxx>
Date: Fri, 26 Sep 2008 13:23:46 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:cc:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=cPzKXFXGnm/tfhzA6NaAHeuTHYCNaCZxXU5qHP7RLSc=; b=anK+Jett0ugI6XoFLs4ZkuCrMCOe96iR6D6O7LA8DBL3Q9xsznkRC1vqHo73Qb/0/G 3ELiKVb4WE8BzihrA66E4DBi+8VShXmoOwTfhOtfSfidnLhvo4h73GvuKaO/FdMio2W9 8UmoaIrt0DdzT6RPzKt1tiVmoYSPLMpgGTX4c=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=euM1nT2hytcWDSW+i7MXKg/ZjltSeYq0ctZZfAot+Amv6EuDI0F43zhJZYMrtEDHDn 3KT0mBEehMmvSe7vDCHLNLfgvtlo54hTxv+N0CBFYmEAbxSgUN/RBX5jH5goUQBU+x10 YRO+XM2+L6hT//bgvX9P4ctZKvL97XvV37dNw=
In-reply-to: <487376710809180244g77db1a80qc388cf33cd0a3d4e@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <487376710809180244g77db1a80qc388cf33cd0a3d4e@xxxxxxxxxxxxxx>

Does anyone know how to check the build version number on the agent?
Or is there a comparison with that build number and a x.y.z version
id?

On Thu, Sep 18, 2008 at 5:44 AM, iViZ Security Advisories
<advisories@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> -----------------------------------------------------------------------
> [ iViZ Security Advisory 08-010                            17/09/2008 ]
> -----------------------------------------------------------------------
> iViZ Techno Solutions Pvt. Ltd.
>                                             http://www.ivizsecurity.com
> -----------------------------------------------------------------------
> * Title:     McAfee SafeBoot Device Encryption
>              Plain Text Password Disclosure
> * Date:      17/09/2008
> * Software:  McAfee SafeBoot Device Encryption v4, Build 4750 and below
> --[ Synopsis:
>     The password checking routine of SafeBoot Device Encryption fails to
>     sanitize the BIOS keyboard buffer after reading passwords, resulting
>     in plain text password leakage to unprivileged local users.
> --[ Affected Software:
>   * SafeBoot Device Encryption v4, Build 4750 and below
> --[ Non Affected Software:
>   * SafeBoot Device Encryption v4, Build 4760 and above
>   * SafeBoot Device Encryption v5.x
> --[ Technical description:
[edit]

Prev by Date: Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)
Next by Date: FtitzBox
Previous by thread: Crashing ZoneAlarm 8.0.020.000 by Checkpoint (Component : TrueVector)
Next by thread: FtitzBox
Index(es):
- Date
- Thread