OSVDB ID: 36100

Title: McAfee Multiple Products ePolicy Orchestrator Crafted Packet Remote Overflow

Info

Disclosure

Jul 10, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in McAfee Common Management Agent. The CMA agent fails to check proper bounds on certain packets resulting in a heap-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution or trigger a denial of service resulting in a loss of confidentiality and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Upgrade to McAfee Common Management Agent 3.6.0 Patch 1 (3.6.0.546) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

McAfee, Inc.	ProtectionPilot	1.1.1
		1.5
	ePolicy Orchestrator	3.5
		3.6
		3.6.1
	Common Management Agent	3.5.5.438
		3.6.0.453

References

Security Tracker: 1018363
CVE ID: 2006-5273 (see also: NVD)
Bugtraq ID: 24863
Secunia Advisory ID: 26029
ISS X-Force ID: 31164
Related OSVDB ID: 36098 36099 36101
VUPEN Advisory: ADV-2007-2498
Other Advisory URL: http://www.iss.net/threats/269.html
Vendor Specific News/Changelog Entry: https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html

Credit

Neel Mehta - -

Direct URL: http://osvdb.org/36100

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

McAfee, Inc.

ProtectionPilot

ePolicy Orchestrator

Common Management Agent

References

Credit