In association with heise online

10 January 2008, 11:08

McAfee fixes vulnerability in E-Business Server

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security consultants Infigo has discovered a vulnerability in McAfee's E-Business Server that could allow an attacker to bypass authentication and execute arbitrary code.

McAfee's E-Business Server normally leaves TCP port 1718 open, but the software is unable to deal with oversized authentication packets, causing the software to crash. McAfee has admitted the vulnerability could also be used to execute code.

The researchers at Infigo discovered the problem in version 8.5.2 of E-Business Server for Windows and Linux, although McAfee has accepted that older versions are also vulnerable. The company has made version 8.5.3 available for download to registered users, which fixes the problem. No fix is available for the Linux version yet. Administrators should download and install the newest Windows version as soon as possible. McAfee also recommends using a firewall to restrict port 1718 to trusted clients.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit