Zero Day in FireEye Antivirus

Tuesday, September 8, 2015 @ 04:09 PM gHale

There is a Zero Day vulnerability in FireEye’s antivirus, along with three other vulnerabilities, a researcher said.

The Zero Day vulnerability provides “unauthorized remote root file system access” to affected FireEye applications, according to a posting on the Exploit Database from Kristian Erik Hermansen, a security researcher based in Los Angeles.

“Just one of many handfuls of FireEye / Mandiant 0day. Been sitting on this for more than 18 months with no fix from those security ‘experts’ at FireEye. Pretty sure Mandiant staff coded this and other bugs into the products. Even more sad, FireEye has no external security researcher reporting process.

“FireEye appliance, unauthorized remote root file system access. Oh cool, web server runs as root! Now that’s excellent security …,” Hermansen said.

The flaw is in a PHP script which runs on a Web-facing Apache server. The vulnerability can be triggered remotely and, when exploited, gives attackers access to local files.

The other vulnerabilities are basic command injections and login bypass bugs. No further details were posted about them.