

McAfee's website full of security holes - eapen
http://www.networkworld.com/news/2011/032811-mcafee-security-holes.html

======
eapen
From - <http://seclists.org/fulldisclosure/2011/Mar/313>

Vulnerabilities in *McAfee.com

1\. VULNERABILITY DESCRIPTION

-> Cross Site Scripting [http://download.mcafee.com/products/webhelp/4/1033/#javascri...](http://download.mcafee.com/products/webhelp/4/1033/#javascript:top.location.replace\(attacker.in\))

-> Information Disclosure > Internal Hostname: <http://www.mcafee.com/js/omniture/omniture_profile.js>
    
    
        ($ ruby host-extract.rb -a

<http://www.mcafee.com/js/omniture/omniture_profile.js>)

-> Information Disclosure > Source Code Disclosure:
    
    
            view-source:http://download.mcafee.com/clinic/includes/commoninc/cookiecommon.asp
            view-source:http://download.mcafee.com/clinic/includes/commoninc/appcommon.asp
            view-source:http://download.mcafee.com/clinic/includes/commoninc/partnerCodesLibrary.asp
            view-source:http://download.mcafee.com/clinic/Includes/common.asp
            view-source:http://download.mcafee.com/updates/upgrade_patches.asp
            view-source:http://download.mcafee.com/updates/common/dat_common.asp
            view-source:http://download.mcafee.com/updates/updates.asp
            view-source:http://download.mcafee.com/updates/superDat.asp     
            view-source:http://download.mcafee.com/eval/evaluate2.asp
            view-source:http://download.mcafee.com/common/ssi/conditionals.asp
            view-source:http://download.mcafee.com/common/ssi/errHandler_soft.asp
            view-source:http://download.mcafee.com/common/ssi/variables.asp
            view-source:http://download.mcafee.com/common/ssi/standard/oem/oem_controls.asp
            view-source:http://download.mcafee.com/common/ssi/errHandler.asp
            view-source:http://download.mcafee.com/common/ssi/common_subs.asp
            view-source:http://download.mcafee.com/us/upgradeCenter/productComparison_top.asp
            view-source:http://download.mcafee.com/us/bannerAd.asp
            view-source:http://download.mcafee.com/common/ssi/standard/global_foot_us.asp
            
    

2\. RECOMMENDATION

\- Fully utilize Mcafee FoundStone Experts \- Use outbound monitoring of
traffic to detect potential information leakage

3\. VENDOR

McAfee Inc <http://www.mcafee.com>

4\. DISCLOSURE TIME-LINE

2011-02-10: reported vendor 2011-02-12: vendor replied "we are working to
resolve the issue as quickly as possible" 2011-03-27: vulnerability found to
be unfixed completely 2011-03-27: vulnerability disclosed

5\. REFERENCES

Original Advisory URL:
[http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/[mcafe...](http://yehg.net/lab/pr0js/advisories/sites/mcafee.com/\[mcafee\]_xss_infoleak)
Former Disclosure, 2008:
[http://www.theregister.co.uk/2008/06/13/security_giants_xsse...](http://www.theregister.co.uk/2008/06/13/security_giants_xssed/)
Former Disclosure, 2009: [http://news.softpedia.com/news/McAfee-Websites-
Vulnerable-to...](http://news.softpedia.com/news/McAfee-Websites-Vulnerable-
to-Attacks-110667.shtml) Former Disclosure, 2010: [http://security-
sh3ll.blogspot.com/2010/04/mcafee-communitie...](http://security-
sh3ll.blogspot.com/2010/04/mcafee-communities-xss-defacement.html) host-
extract: <http://code.google.com/p/host-extract/> Demo:
[http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_S...](http://yehg.net/lab/pr0js/training/view/misc/XSSing_McAfee_Secured/)
xssed: <http://www.xssed.com/search?key=mcafee.com> Lessont Learn:
[http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-
lessons...](http://blogs.mcafee.com/mcafee-labs/from-xss-to-root-lessons-
learned-from-a-security-breach)

#yehg [2011-03-27]

