In association with heise online

31 October 2007, 12:42

McAfee E-Business Server executes injected code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider Secunia has released a security advisory warning of a vulnerability in McAfee's E-Business Server encryption and data protection application. Attackers on the local network can send crafted packets during authentication causing the software to execute injected malicious code.

According to Secunia, assigning too high a value to the length field of an authentication packet can cause an integer overflow resulting in a buffer overflow on the heap. The bug affects E-Business Server 8.1.1 for Linux, Solaris versions and possibly other versions, but does not affect the Windows releases of the software. McAfee has released E-Business Server 8.1.2 for Linux, HP-UX and AIX as well as 8.5.3 for Solaris, in which the vulnerability is apparently fixed, for registered customers. Administrators should install the latest version ASAP.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-733882
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit