McAfee ePolicy Orchestrator / ProtectionPilot Source Header Buffer Overflow
Secunia Advisory: SA22222
Release Date: 2006-10-02
Buffer overflow in McAfee ePolicy Orchestrator (buffer overflow) (Buffer overflow in the NAISERV.exe service) security.nnov.ru
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
McAfee ePolicy Orchestrator 3.x
McAfee ProtectionPilot 1.x
A vulnerability has been reported in McAfee ProtectionPilot and McAfee ePolicy Orchestrator, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by a boundary error in the handling of long source headers. This can be exploited to cause a buffer overflow, and potentially allows execution of arbitrary code, by sending a specially crafted request to a vulnerable system.
The vulnerability has been reported in McAfee ProtectionPilot 1.1.0 and McAfee ePolicy Orchestrator 3.5.0. Other versions may also be affected.
Solution: Apply patches.
McAfee ProtectionPilot: http://download.nai.com/products/pat....1/PRP1113.zip
McAfee ePolicy Orchestrator: http://download.nai.com/products/pat....5/EPO3506.zip
Provided and/or discovered by: The vendor credits Mati Aharoni and Moti Joseph.