Signature Detail
Short Name |
APP:MCAFEE-ORCHESTRATOR-FS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
McAfee Framework ePolicy Orchestrator Format String |
Release Date |
2008/03/25 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: McAfee Framework ePolicy Orchestrator Format String
This signature detects attempts to exploit a known vulnerability against Mcafee ePolicy Orchestrator. Attackers can send unauthenticated UDP packets containing format strings, which allows the attacker to execute arbitrary code on the victim's machine.
Extended Description
McAfee Framework is prone to a remote format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the framework. Failed attacks will likely cause denial-of-service conditions. McAfee Common Managemetn Agent 3.6.0.574 (Patch3) or earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569 and ePolicy Orchestrator 4.0 are vulnerable to this issue; other versions may also be affected. NOTE: This issue occurs only when the default debug level (7) is raised to 8.
Affected Products
- McAfee Agent 4.0
- McAfee Common Management Agent (CMA) 3.0.6.453
- McAfee Common Management Agent (CMA) 3.5.5.438
- McAfee Common Management Agent (CMA) 3.6.0.438
- McAfee Common Management Agent (CMA) 3.6.0.453
- McAfee Common Management Agent (CMA) 3.6.0.546
- McAfee Common Management Agent (CMA) 3.6.0.574
- McAfee ePolicy Orchestrator 4.0
- McAfee McAfee Framework 3.6.0.569
References
- BugTraq: 28228
- BugTraq: 28228
- CVE: CVE-2008-1357
- URL: http://www.securityfocus.com/archive/1/20080312203328.6a67cfb2.aluigi@autistici.org