McAfee E-Business Server executes injected code
Security services provider Secunia has released a security advisory warning of a vulnerability in McAfee's E-Business Server encryption and data protection application. Attackers on the local network can send crafted packets during authentication, causing the software to execute injected malicious code.
According to Secunia, assigning too high a value to the length field of an authentication packet can cause an integer overflow that results in a buffer overflow on the heap. The bug affects E-Business Server 8.1.1 for Linux, the Solaris versions and possibly other versions, but does not affect the Windows releases of the software. For registered customers, McAfee has released E-Business Server 8.1.2 for Linux, HP-UX and AIX as well as 8.5.3 for Solaris, in which the vulnerability is apparently fixed. Administrators should install the latest version as soon as possible.
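The bug class described above, shown as an added example that is not McAfee's code and is not taken from the Secunia advisory: a length field that wraps 32-bit allocation arithmetic, next to a parser that validates the field before allocating and copying. The packet layout (4-byte big-endian length prefix), `HDR_LEN`, `MAX_BODY` and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout for illustration: 4-byte big-endian length, then the body. */
#define LEN_FIELD 4u
#define HDR_LEN   16u            /* hypothetical bookkeeping header */
#define MAX_BODY  (64u * 1024u)  /* assumed upper bound for an auth message */

/* Allocation size the unchecked pattern computes: the 32-bit addition wraps,
 * so a very large claimed length yields a very small heap buffer. */
uint32_t unchecked_alloc_size(uint32_t claimed_len)
{
    return claimed_len + HDR_LEN;
}

/* Hardened parse: the claimed length is checked against the protocol cap and
 * against the bytes actually received before any allocation or copy.
 * Returns a heap buffer (caller frees) or NULL if the packet is rejected. */
uint8_t *copy_auth_body(const uint8_t *pkt, size_t pkt_len, uint32_t *out_len)
{
    uint32_t claimed;
    uint8_t *buf;

    if (pkt == NULL || out_len == NULL || pkt_len < LEN_FIELD)
        return NULL;
    claimed = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
              ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
    if (claimed == 0 || claimed > MAX_BODY)
        return NULL;                      /* outside the protocol's bounds */
    if (claimed > pkt_len - LEN_FIELD)
        return NULL;                      /* claims more than was received */
    buf = malloc((size_t)HDR_LEN + claimed);  /* cannot wrap: claimed <= MAX_BODY */
    if (buf == NULL)
        return NULL;
    memset(buf, 0, HDR_LEN);
    memcpy(buf + HDR_LEN, pkt + LEN_FIELD, claimed);
    *out_len = claimed;
    return buf;
}
```

Rejected packets are worth logging with the claimed length and source address, since an out-of-range length during authentication is a useful detection signal.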
- McAfee E-Business Server Auth Packet Handling Buffer Overflow, security advisory from Secunia
(mba)