In association with heise online

04 October 2006, 16:47

Buffer Overflow in McAfee's ePolicy Orchestrator and ProtectionPilot


McAfee has released security updates, now available for download, for its products ePolicy Orchestrator (EPO) and ProtectionPilot to close a critical security hole in the server components. EPO handles the management and remote maintenance of McAfee's enterprise solutions. ProtectionPilot offers a similar security function for the small and medium business segment.

The hole is a buffer overflow in the web server (NAISERV.exe) of the respective software, which can be triggered with manipulated HTTP GET requests. An attacker with LAN access may inject and execute their own code and take control of the system.

A proof-of-concept exploit has already been published. Affected software releases include ePolicy Orchestrator 3.5.0 patch 5 (plus all previous versions) and ProtectionPilot, prior to and including 1.1.1 patch 2. According to McAfee, the update has already been distributed to the live update servers.

In mid-July, McAfee had to close a critical vulnerability in EPO, which also allowed attackers to inject malicious code. While this hole affected both the EPO agents and servers, the vendor states that the new bug only affects the servers.
