OSVDB ID: 36099

Title: McAfee Multiple Products ePolicy Orchestrator Crafted Ping Packet Remote Overflow

Info

Disclosure

Jul 10, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in McAfee Common Management Agent. The CMA agent fails to check for proper boundary limits on receiving ping packets resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution or trigger a denial of service resulting in a loss of integrity and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Upgrade to McAfee Common Management Agent 3.6.0 patch 1 (3.6.0.546) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

McAfee, Inc.	ePolicy Orchestrator	3.5
		3.6
		3.6.1
	ProtectionPilot	1.1.1
		1.5
	Common Management Agent	3.6.0.453 and earlier

References

Security Tracker: 1018363
CVE ID: 2006-5272 (see also: NVD)
Bugtraq ID: 24863
Secunia Advisory ID: 26029
ISS X-Force ID: 31163
Related OSVDB ID: 36098 36100 36101
VUPEN Advisory: ADV-2007-2498
Other Advisory URL: http://www.iss.net/threats/269.html
Vendor Specific News/Changelog Entry: https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html

Credit

Neel Mehta - -

Direct URL: http://osvdb.org/36099

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

McAfee, Inc.

ePolicy Orchestrator

ProtectionPilot

Common Management Agent

References

Credit