SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   McAfee ePolicy Orchestrator Vendors:   McAfee
McAfee ePolicy Orchestrator Common Management Agent Memory Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1019794
SecurityTracker URL:  http://securitytracker.com/id/1019794
CVE Reference:   CVE-2008-1855   (Links to External Site)
Updated:  Apr 24 2008
Original Entry Date:  Apr 7 2008
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.6.x, 4.0
Description:   A vulnerability was reported in McAfee ePolicy Orchestrator in the Common Management Agent. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to TCP port 8081 to cause the target Common Management Agent (CMA) service to crash.

CMA versions 3.6.0.574 (Patch3) and prior are affected.

Managed mode installations are affected. Standalone (unmanaged) installations are not affected.

Mati Aharoni of offensive-security.com reported this vulnerability.

The original advisory and a demonstration exploit is available at:

http://www.offensive-security.com/0day/mcafee_again.py.txt

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a hotfix (CMA 3.6.0 HotFix 10).

The vendor's advisory is available at:

https://knowledge.mcafee.com/article/219/615324_f.SAL_Public.html

Vendor URL:  knowledge.mcafee.com/article/219/615324_f.SAL_Public.html (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC