Mcafee bad catalogz when updating
The vulnerabilities described here are present from at least v1.9.2 (released 2/19/2015) through version 2.0.2, (released 4/22/16).
The only difference from the older release appears to be updating to a newer version of libc which makes exploiting these vulnerabilities easier.
When a user makes a request to the webserver, the request is reformatted, sent to the root service and then the user is shown the response rendered in an html template.
The web interface doesn't do much to limit what data a malicious user can send to the root service.
A system running Intel's Mc Afee Virus Scan Enterprise for Linux can be compromised by remote attackers due to a number of security vulnerabilities.
Some of these vulnerabilities can be chained together to allow remote code execution as root.
However, the The web interface allows users to specify an update server and request updates from it.