Ravens PHP Scripts

McAfee ePolicy Orchestrator / ProtectionPilot ActiveX Control Buffer Overflows
Date: Wednesday, March 14, 2007 @ 07:01:18 CET
Topic: Security


SECUNIA ADVISORY ID: SA24466

VERIFY ADVISORY: http://secunia.com/advisories/24466/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE:
McAfee ePolicy Orchestrator 3.x - http://secunia.com/product/1943/
McAfee ProtectionPilot 1.x - http://secunia.com/product/5538/

DESCRIPTION: cocoruder has reported some vulnerabilities in McAfee ePolicy Orchestrator and ProtectionPilot, which can be exploited by malicious people to compromise a user's system.



The vulnerabilities are caused due to boundary errors within the SITEMANAGER.DLL ActiveX Control when processing arguments passed to the "ExportSiteList()" and "VerifyPackageCatalog()" methods. These can be exploited to cause stack-based buffer overflows via an overly long string passed as argument to the affected methods. Successful exploitation allows execution of arbitrary code.

The vulnerabilities affect the following products:
* McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier)
* McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier)
* McAfee ePolicy Orchestrator 3.6.1
* McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier)
* McAfee ProtectionPilot 1.5.0

SOLUTION:
Apply hotfix/patch.
https://mysupport.mcafee.com/eservice_enu/start.swe


McAfee ePolicy Orchestrator 3.5.0 (Patch 7 and earlier): Apply hotfix EPO350HF323550.
McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier): Apply hotfix EPO360HF323553.
McAfee ePolicy Orchestrator 3.6.1: Apply Patch 1.
McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier): Apply hotfix PRP111HF323555.
McAfee ProtectionPilot 1.5.0: Apply hotfix PRP150HF323558.

PROVIDED AND/OR DISCOVERED BY: cocoruder, Fortinet Security Research Team.

ORIGINAL ADVISORY:
Full Disclosure: http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052960.html
McAfee:
https://knowledge.mcafee.com/article/25/612495_f.SAL_Public.html
https://knowledge.mcafee.com/article/26/612496_f.SAL_Public.html






This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2804