|
McAfee ePolicy Orchestrator Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA9413
|
|
|
Release Date:
|
2003-08-01
|
|
Popularity:
|
7,896 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Privilege escalation
System access
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | McAfee ePolicy Orchestrator 2.x
McAfee ePolicy Orchestrator 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2003-0148
CVE-2003-0149
CVE-2003-0616
|
|
Description:
Multiple vulnerabilities have been identified in ePolicy Orchestrator allowing malicious users to escalate their privileges or gain system access.
1) By sending a specially crafted HTTP request to the ePolicy Orchestrator server, it is possible to retreive the configuration file containing the username and password for the MSDE SA account. Although the password is encrypted, this is done using a DES variant and the secret key is stored in a DLL file.
This allows a malicious user to gain administrative (SA) privileges on MSDE. Furthermore, MSDE runs with "SYSTEM" privileges allowing the malicious user to gain complete control of the system.
2) By sending a malicious HTTP POST request to the server with a specially crafted format string, it may be possible to execute arbitrary code or cause the HTTP service to crash. The problem is that the server fails to handle format strings when logging failed name resolutions.
3) By sending a large HTTP POST request to the client, it is possible to cause a heap overflow. This causes the service to crash but may also allow execution of arbitrary code.
Issue 1 affects to ePolicy Orchestrator 2 and 3.
Issue 2 and 3 affects ePolicy Orchestrator 2.
Solution:
Patches are available:
http://www.networkassociates.com/us/downloads/updates/hotfixes.asp
Provided and/or discovered by:
Andreas Junestam, @stake
Original Advisory:
http://www.atstake.com/research/advisories/2003/a073103-1.txt
http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Other References:
McAfee has also written a knowledge base article (NAI33260) about this:
https://knowledgemap.nai.com/phpclient/homepage.aspx (login required)
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
