=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN076
_____________________________________________________________________

DATE                      : 02/03/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Mac OS X running McAfee Virex 7.7.

======================================================================

McAfee Security Bulletin: Virex 7.7 patch 1 or higher fixes vulnerabilities [518722]


	Environment		

McAfee Virex 7.7 for Mac OS X
Mac OS X
Mac OS 10


	Problem		

McAfee Security Bulletin - Virex 7.7 patch 1 or higher fixes vulnerabilities

	Solution		

1. SUMMARY

     Who should read this document: Technical and Security Personnel
     Impact of Vulnerability: Local Authenticated Command Execution
     Severity Rating: Low
     Recommendations: Update Virex 7.7 to patch 1
     Security Bulletin Replacement: None
     Caveats: None
     Affected Software: McAfee® Virex 7.7
     Location of updated software: https://mysupport.mcafee.com/eservice_enu/


2. Description

     An issue exists with the default permissions and validation of specific
files belonging to McAfee Virex 7.7 that may allow for local authenticated
command execution. A successful exploit of this security flaw would allow a
local privileged attacker to execute code on the machine running the indicated
software. These injected commands would be limited to the privileges of the id
in which the Virex 7.7 product is running on the machine. In order to accomplish
this exploit, an attacker would have to have authenticated access to the
machine. Updating McAfee Virex 7.7 to patch 1 will correct issues with file
permissions and validation.

     The update has been pushed to all live update servers and available for
download as of February 12, 2007. This update will remedy the risk associated
with this security flaw.


3. Remediation

     Overview:
     Download the McAfee Virex 7.7 patch 1 from the download server and apply the
  patch to a Virex 7.7 installation.

     Obtaining the patch Binaries:

         https://mysupport.mcafee.com/eservice_enu/
         Name: Virex 77 Patch 1

     Detailed Steps for installing patch:

     INSTALLATION REQUIREMENTS

     To use this patch, you must have McAfee Virex version 7.7 (Build 163) (see
"virex about" dialog box for build number) installed on the computer you intend
to update.

     IMPORTANT: This patch does NOT support other versions of the software.

     INSTALLATION STEPS

     NOTE: You need to restart your computer after installing this patch.

        1.
           Close Virex application if it is running.
        2.
           Extract the following files from the Patch package (Virex 77 Patch
1.zip) into a folder:
              1.
                 Virex 7.7 Patch 1.pkg
              2.
                 README.TXT
        3.
           Double-click Virex 7.7 Patch 1.pkg to install the HotFix.

           NOTE: You will need to supply your administrator password to install
this Patch when prompted.

     Detailed Steps for validating patch install:

     You can check that the Patch is applied correctly by verifying the product
version information of Virex.app and VShieldCheck:

     1. Launch Virex.app from /Applications folder

     2. Open About dialog by clicking "About Virex" menu option from "Virex"
menu.

     3. The About dialog should display the following information: McAfee Virex
version 7.7 (build 194)

     Detailed steps to un-install patch:

         NOTE: We strongly recommend that you do NOT remove this patch from your
McAfee Virex 7.7 installation once you install it. If you reinstall your McAfee
Virex 7.7 software, we recommend that you also reinstall this patch.

4. Workaround

     None


5.Acknowledgements

     Kevin Finisterre of Digitalmunition / Netragard


6. Support

     Corporate Technical Support:

         1-800-338-8754
         http://www.mcafee.com/us/support/default.asp

7. Frequently Asked Questions (FAQ) related to this security bulletin

     Who is affected by this security vulnerability? McAfee Virex 7.7 and earlier
customers could be affected by this vulnerability. McAfee urges all customers to
verify that they have received the latest updates.

     Does this vulnerability affect McAfee enterprise products? Yes, only McAfee
Virex 7.7 and earlier. The McAfee Virex 7.7 product is available to both
enterprise and consumer customers.
     Does this issue occur in later versions of Virex? No, VirusScan for MacTel 
8.0 and VirusScan for Mac 8.5 do not contain this security flaw.

     Can McAfee Virex 7.7 users upgrade to the newest version of McAfee Virex? 
Version upgrades are available for all current customers with a valid support
contract. The newer Macintosh versions of McAfee products may be incompatible on
some Macintosh systems. Please validate compatibility with your system prior to
upgrading.

     What has McAfee done to resolve the issue? McAfee believes in providing the
most secure software to customers and has provided an update to this security
flaw.

     How does McAfee respond to this and any other security flaws? McAfee's key
priority is the security of its customers. In the event that a vulnerability is
found within any of McAfee's software, a strong process is in place to work
closely with the relevant security research group to ensure the rapid and
effective development of a fix and communication plan. McAfee is an active
member of the Organization for Internet Safety (OIS) which is dedicated to
developing guidelines and best practices for the reporting and fixing of
software vulnerabilities.


8. Resources

     To download new beta software or to read about the latest beta information, 
visit the beta website:
     http://www.mcafeesecurity.com/us/downloads/beta/mcafeebetahome.htm

     To submit beta feedback on any McAfee product, send email to:
     mcafee_beta@mcafee.com

     For contact information, see:
     http://www.mcafee.com/pubs/contacts.html

     For copyright, trademark attributions, and license information, see:
     http://www.mcafee.com/pubs/copyright.html

     For patents protecting this product, see the product documentation.


9. Disclaimer

     The information provided in this security bulletin is provided as is without
warranty of any kind. McAfee disclaims all warranties, either express or
implied, including the warranties of merchantability and fitness for a
particular purpose. In no event shall McAfee or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental, consequential, loss
of business profits or special damages, even if McAfee or its suppliers have
been advised of the possibility of such damages. Some states do not allow the
exclusion or limitation of liability for consequential or incidental damages so
the foregoing limitation may not apply.



======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================