Buffer Overflow in McAfee's ePolicy Orchestrator and ProtectionPilot
McAfee has released security updates, now available for download, for its products ePolicy Orchestrator (EPO) and ProtectionPilot that close a critical security hole in the server components. EPO handles the management and remote maintenance of McAfee's enterprise solutions. ProtectionPilot offers a similar security function for the small and medium business segment.
The hole is a buffer overflow in the Web server (NAISERV.exe) of the respective software, which can be triggered with manipulated HTTP GET requests. An attacker with LAN access may inject and execute their own code and take control of the system.
A proof-of-concept exploit has already been published. Affected software releases include ePolicy Orchestrator 3.5.0 patch 5 (plus all previous versions) and ProtectionPilot up to and including 1.1.1 patch 2. According to McAfee, the update has already been distributed to the live update servers.
In mid-July, McAfee had to close a critical vulnerability in EPO, which also allowed attackers to inject malicious code. While this hole affected both the EPO agents and servers, the vendor states that the new bug only affects the servers.
- ePolicy Orchestrator (ePO) 3.5 Patch 6 or higher / ProtectionPilot (PrP) 1.1.1 Patch 3 or higher fixes vulnerability allowing arbitrary command execution, McAfee Security Bulletin
- Release Notes for McAfee ePolicy Orchestrator, McAfee release notes
- McAfee EPO Buffer Overflow, exploit and vulnerability description by Muts