14 DAY TRIAL // Kristian Erik Hermansen, a security researcher based in Los Angeles, USA, has found a zero-day bug in FireEye's antivirus, along with three other vulnerabilities which, according to his Twitter account, are now up for sale.
Although a security researcher putting vulnerabilities up for sale might border on criminality, this may be Hermansen's way of drawing attention to these bugs, which according to an email exchange with CSO, have been ignored by FireEye in the past 18 months.
According to a posting on the Exploit Database, the zero-day vulnerability provides "unauthorized remote root file system access" to affected FireEye applications.
The flaw is found in a PHP script which runs on a Web-facing Apache server. The zero-day vulnerability, which can be triggered remotely, when used, provides attackers with access to local files.
The other vulnerabilities are basic command injections and login bypass bugs. No extra details have been posted about them, but Hermansen said he will sale them to the highest bidder.
FireEye has a bad reputation when it comes to fixing security holes
In the same email exchange with CSO, Hermansen also claims he's "pretty sure Mandiant staff coded this and other bugs into the products."
Mandiant is a cyber-security company which FireEye acquired in December 2013 for $1 billion / €900 million, and the vulnerabilities seem to be on one of their servers.
FireEye, in general, is looked at with distrust and hatred by most security researchers, after last year it got a security expert fired for publicly disclosing vulnerabilities in FireEye's Malware Analysis System (MAS).
Apparently, this was not the first time this happened, but this was the first time when it came to light. Fortunately, Kristian Erik Hermansen works now as a freelancer, so he has nothing to fear except FireEye's lawyers.
This was a bad day for antivirus makers after earlier today we reported on another zero-day exploit, this one in Kaspersky's antivirus.
FireEye -- Unauthenticated Command Injection remote root 0day at module ??? in ??? parameter ;) Will sell for $$$$$$
— . (@h3rm4ns3c) September 2, 2015
FireEye -- Login Bypass 0day at module ??? in ??? parameter ;) Will sell for $$$$$
— . (@h3rm4ns3c) September 2, 2015
FireEye remote root file system access 0day -- http://t.co/YabpDIkj6d
— . (@h3rm4ns3c) September 2, 2015