OSVDB ID: 36098

Title: McAfee Multiple Products ePolicy Orchestrator Crafted UDP Packet Remote Overflow

Info

Disclosure

Jul 10, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in McAfee Common Management Agent. The CMA agent is vulnerable to an integer underflow resulting in a stack corruption. With a specially crafted UDP packet, an attacker can cause remote code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Upgrade to McAfee Common Management Agent 3.6 patch 1 (3.6.0.546) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

McAfee, Inc.	ePolicy Orchestrator	3.5
		3.6
		3.6.1
	ProtectionPilot	1.1.1
		1.5
	Common Management Agent	3.6.0.453 and earlier

References

Security Tracker: 1018363
CVE ID: 2006-5271 (see also: NVD)
Bugtraq ID: 24863
Secunia Advisory ID: 26029
ISS X-Force ID: 31162
Related OSVDB ID: 36099 36100 36101
VUPEN Advisory: ADV-2007-2498
Other Advisory URL: http://www.iss.net/threats/269.html
Vendor Specific News/Changelog Entry: https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html

Credit

Neel Mehta - -

Direct URL: http://osvdb.org/36098

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

McAfee, Inc.

ePolicy Orchestrator

ProtectionPilot

Common Management Agent

References

Credit