Description: Neel Mehta has reported some vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot, which can be exploited by malicious people to compromise a vulnerable system.
1) An integer underflow error can be exploited to cause memory corruption and execute arbitrary code.
2) A boundary error within the processing of pings can be exploited to cause a stack-based buffer overflow via a specially crafted packet.
Successful exploitation of this vulnerability allows execution of arbitrary code.
3) A boundary error can be exploited to cause a heap-based buffer overflow via a specially crafted packet.
Successful exploitation of this vulnerability allows execution of arbitrary code.
4) An integer overflow error can be exploited to cause a buffer overflow and execute arbitrary code.
Solution: Apply patches. Please see the vendor's advisories for details.
Provided and/or discovered by: Neel Mehta, IBM ISS X-Force.
Changelog: 2007-07-11: Added "McAfee Common Management Agent (CMA)" to the affected product list.