Vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot
IBM Internet Security Services has released a security advisory regarding multiple vulnerabilities in McAfee's ePolicy Orchestrator and ProtectionPilot products. The vulnerabilities could be exploited by attackers to inject arbitrary program code from the local network onto systems running the software.
In the Common Management Agent (CMA), a buffer overflow on the heap that could enable remote code execution can occur when a specially crafted Ping packet is processed. The overflow is due to a faulty length check; the packet itself has not been specifically described. Two additional vulnerabilities are due to a missing check for an integer overflow and also enable attackers to execute injected code. IBM ISS does not, however, specify which potential injection vector could be responsible.
The vulnerabilities affect ePolicy Orchestrator 3.5, 3.6 and 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent 3.6.0.453 and previous versions. Although McAfee has made a patch available, it apparently has compatibility problems with ProtectionPilot. A download is available for registered users on McAfee's support pages.
- McAfee ePolicy Orchestrator Agent Remote Code Execution, security advisory from IBM Internet Security Services
- Stack corruption of Common Management Agent (CMA), security advisory from McAfee
- Stack based buffer overflow of Common Management Agent (CMA), security advisory from McAfee
- Heap based buffer overflow of Common Management Agent (CMA), security advisory from McAfee
- Crash of Framework service of McAfee Common Management Agent (CMA), security advisory from McAfee
(mba)