The Tech Herald

McAfee to release patch for open-relay bug

by Steve Ragan - Jan 19 2012, 19:05


In response to the discovery that their hosted (SaaS) Total Protection product is acting as a spam toolkit, the company said they will release a patch to address the issue.

In short, the issue is that McAfee’s Total Protection offering, which is hosted for customers by the security firm itself and offered as a SaaS solution, allows an attacker to connect to port 6515 and use the compromised host to send spam. This open-relay vulnerability was exposed earlier this week by Keith & Annabel Morrigan, and their findings were confirmed by a researcher known online as Hinky Dink.

Headers taken from the impacted systems show a clear pattern, which can be hunted down by administrators who check proxy logs; in the examples below each of the systems pointed to residential IP addresses, and all of them were flagged as spamming.

 

1.1 62G3CP1 (McAfee Relay Server 5.2.1)

1.1 acer-86e9bf2e61 (McAfee Relay Server 5.2.3)

1.1 Alan (McAfee Relay Server 5.2.3)

1.1 BERCOBACKUP (McAfee Relay Server 5.2.1)

1.1 bill-2eb924946b (McAfee Relay Server 5.2.3)

1.1 billkayredsa-PC (McAfee Relay Server 5.2.3)

1.1 blackkbarbie-PC (McAfee Relay Server 5.2.1)
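
One way to hunt for this pattern in proxy logs, as an added example that is not part of the original article or any McAfee tooling: the script matches the "1.1 <host> (McAfee Relay Server <version>)" token shown above and groups the hits by relay host and version. The log layout, the via= field name and the client addresses are constructed assumptions; adapt the input handling to your proxy's format.

```python
import re
from collections import defaultdict

# Token format as shown in the article's header samples:
#   "1.1 <host> (McAfee Relay Server <version>)"
RELAY_RE = re.compile(
    r"\b(?P<proto>\d\.\d)\s+(?P<host>[^\s,()]+)\s+"
    r"\(McAfee Relay Server (?P<version>\d+(?:\.\d+)*)\)"
)

# Constructed sample log (hypothetical layout: time, client, request, via field).
# Host names "Alan" and "BERCOBACKUP" come from the article; all else is made up.
SAMPLE_LOG = """\
2012-01-17T09:14:02Z 192.0.2.10 CONNECT mx.example.net:25 via="1.1 Alan (McAfee Relay Server 5.2.3)"
2012-01-17T09:14:05Z 192.0.2.10 CONNECT mx.example.org:25 via="1.1 Alan (McAfee Relay Server 5.2.3)"
2012-01-17T09:15:40Z 198.51.100.7 GET http://example.com/ via="1.1 cache01 (squid/3.1)"
2012-01-17T09:16:11Z 203.0.113.44 CONNECT mx.example.net:25 via="1.0 edge (squid/3.1), 1.1 BERCOBACKUP (McAfee Relay Server 5.2.1)"
2012-01-17T09:17:00Z 198.51.100.7 GET http://example.com/a -
"""


def find_relay_hits(lines):
    """Return {(host, version): [line numbers]} for every relay token found.

    finditer() is used so a token is caught even when it is not the first
    hop in a comma-separated chain of intermediaries.
    """
    hits = defaultdict(list)
    for lineno, line in enumerate(lines, start=1):
        for m in RELAY_RE.finditer(line):
            hits[(m.group("host"), m.group("version"))].append(lineno)
    return dict(hits)


def summarize(hits):
    """Return (host, version, count) rows, busiest relay host first."""
    rows = [(host, ver, len(nums)) for (host, ver), nums in hits.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


if __name__ == "__main__":
    for host, ver, count in summarize(find_relay_hits(SAMPLE_LOG.splitlines())):
        print(f"{host}\tMcAfee Relay Server {ver}\t{count} request(s)")
```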

 

Virus Bulletin sums the situation up best:

“Of course, this has caused serious embarrassment for McAfee - not least because anti-malware solutions are supposed to prevent this from happening.”

For their part, McAfee got to the root of the issue rather quickly. According to a bulletin from McAfee, the firm has developed a patch that will instruct their “rumor” technology to ignore most incoming requests on port 6515. The updated version will show 5.2.3 patch 4.

“We have mitigating factors already in place that reduce risk, and a patch is coming to remediate any additional risk to our customers. The patch will be released on January 18 or 19, as soon as we have finished testing. Because this is a managed product, all affected customers will automatically receive the patch when it is released,” McAfee said.
