In association with heise online

12 July 2007, 10:16

Vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

IBM Internet Security Services has released a security advisory regarding multiple vulnerabilities in McAfee's ePolicy Orchestrator and ProtectionPilot products. The vulnerabilities could be exploited by attackers to inject arbitrary program code from the local network onto systems running the software.

In the Common Management Agent (CMA), a buffer overflow, which could enable remote code execution, can occur during the processing of a specially crafted Ping packet. By means of such a specially crafted packet, which has not been specifically described, a buffer overflow can occur due to a faulty length check on the heap. Two additional vulnerabilities are due to a missing check on an integer overflow and also enable attackers to execute injected code – IBM ISS does not, however, specify which potential injection vector could be responsible.

The vulnerabilities affect the ePolicy Orchestrator 3.5, 3.6 and 3.6.1, ProtectionPilot 1.1.1 and 1.5 and Common Management Agent and previous versions. Although a patch from McAfee has been made available, it apparently has compatability problems with the ProtectionPilot. A download is available for registered users on McAfee's support pages.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit