OSVDB ID: 29421

Title: McAfee Multiple Products HTTP /spipe/pkg/ Source Header Remote Overflow

Dates

Disclosure: Oct 02, 2006
Discovery: Unknown
Exploit: Oct 02, 2006
Solution: Unknown

Description

A remote overflow exists in ePolicy Orchestrator and ProtectionPilot. The product fails to handle requests to /spipe/pkg/ with a long Source header, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code remotely, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, McAfee has released a patch to address this vulnerability.

Products

McAfee, Inc.

  • ePolicy Orchestrator 3.5.0
  • ProtectionPilot 1.1.0

References

Credit

  • Mati Aharoni - mutswhitehat.co.il -
  • Moti Joseph -   -


Direct URL: http://osvdb.org/29421