McAfee Endpoint Security (Linux) – CVE-2018-6693

Product Description:

McAfee Endpoint Security delivers centrally managed defenses with integrated capabilities like endpoint detection and response and machine learning analysis. Protect your Windows, Mac, and Linux systems with multiple, collaborative defenses and automated responses.

Vulnerability Discussion:

An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files.

Vendor Contact Timeline:

2018-08-18: Vendor contacted via email.
2018-08-19: Vendor responds and opens internal case number.
2018-08-20: Vendor confirms vulnerability.
2018-09-11: Vendor issues security bulletin SB10248.
2018-09-19: Vendor informs us that patches have been released.
2018-09-24: RACK911 Labs issues security advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119