|
McAfee ePolicy Orchestrator / ProtectionPilot ActiveX Control Buffer Overflows
|
|
|
|
|
Secunia Advisory:
|
SA24466
|
|
|
Release Date:
|
2007-03-14
|
|
Last Update:
|
2007-03-23
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | McAfee ePolicy Orchestrator 3.x
McAfee ProtectionPilot 1.x
|
| | CVE reference: | CVE-2007-1498 (Secunia mirror)
CVE-2007-1449 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
cocoruder has reported some vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to boundary errors within the SITEMANAGER.DLL ActiveX Control when processing arguments passed to the "ExportSiteList()" and "VerifyPackageCatalog()" methods. These can be exploited to cause stack-based buffer overflows via an overly long string passed as argument to the affected methods.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities affect the following products:
* McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier)
* McAfee ePolicy Orchestrator 3.6.1
* McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier)
* McAfee ProtectionPilot 1.5.0
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Apply hotfix/patch.
https://mysupport.mcafee.com/eservice_enu/start.swe
McAfee ePolicy Orchestrator 3.5.0 (Patch 7 and earlier):
Apply hotfix EPO350HF323550.
McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier):
Apply hotfix EPO360HF323553.
McAfee ePolicy Orchestrator 3.6.1:
Apply Patch 1.
McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier):
Apply hotfix PRP111HF323555.
McAfee ProtectionPilot 1.5.0:
Apply hotfix PRP150HF323558.
Provided and/or discovered by:
cocoruder, Fortinet Security Research Team.
Changelog:
2007-03-15: Added link to Fortinet advisory.
2007-03-21: Added CVE reference.
2007-03-22: Added link to US-CERT.
Original Advisory:
McAfee:
https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html
https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html
Fortinet:
http://www.fortiguardcenter.com/advisory/FGA-2007-03.html
Other References:
US-CERT VU#714593:
http://www.kb.cert.org/vuls/id/714593
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
9 Related Secunia Security Advisories
|
|
|
1. McAfee Common Management Agent Framework Service Denial of Service
|
|
2. McAfee ePolicy Orchestrator Framework Service Format String Vulnerability
|
|
3. McAfee ePolicy Orchestrator / ProtectionPilot Common Management Agent Vulnerabilities
|
|
4. McAfee ePolicy Orchestrator / ProtectionPilot Source Header Buffer Overflow
|
|
5. McAfee ePolicy Orchestrator Directory Traversal Vulnerability
|
|
6. ePolicy Orchestrator / ProtectionPilot Insecure Directory Permissions
|
|
7. McAfee ePolicy Orchestrator HTTP POST Request Handling Vulnerability
|
|
8. McAfee ePolicy Orchestrator Invalid "Content-Length:" Denial of Service
|
|
9. McAfee ePolicy Orchestrator Multiple Vulnerabilities
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
