The esets_daemon service does not validate the web server's certificate, so a man-in-the-middle can intercept the request and respond using a self-signed HTTPS certificate," today's advisory explained. ESET Endpoint Antivirus est principalement destiné à être utilisé sur des postes de travail dans un environnement de petite entreprise. "When ESET Endpoint Antivirus tries to activate its license, esets_daemon sends a request to. This known security flaw allows an attacker to execute arbitrary code via malformed XML content. Endpoint security extends beyond antivirus, including next-generation protection features like advanced persistent threat detection, investigation, and response, device management, data leak prevention, and others. The service is "statically linked with an outdated version of the POCO XML parser library, version 1.4.6p1." Security researchers added that this version of POCO is based Expat XML parser library version 2.0.1 (from June, 2007), which has a publicly known XML parsing vulnerability (CVE-2016-0718). The problem is linked to a service named esets_daemon, which runs as root.
Vulnerable versions of ESET Endpoint Antivirus 6 are statically linked with an outdated XML parsing library and do not perform proper server authentication, allowing for remote unauthenticated attackers to perform arbitrary code execution as root on vulnerable clients. The vulnerability is an easy flaw that enables hackers to get root-level remote code execution powers on a Mac by intercepting ESET antivirus program's connection to its backend servers using a self-signed HTTPS certificate, putting themselves as a man-in-the-middle to exploit an XML library security flaw.
0 kommentar(er)
