McAfee ePolicy Orchestrator "logDetail()" Format String Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 14 Mar 2008 5620 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in McAfee ePolicy Orchestrator, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a format string error in the "logDetail()" [applib.dll] and "_naimcomn_Log()" [nailog2.dll] function when logging user-supplied requests sent to port 8082/UDP, which could be exploited by remote unauthenticated attackers to crash an affected application or execute arbitrary code via a specially crafted request containing a malformed "sender" field.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • McAfee ePolicy Orchestrator version 4.0 and prior

Solutions

There is no patch available for this vulnerability currently.

Temporary Solution: Restrict network access to the service.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Microsoft Office Web Components Two Vulnerabilites( 12 March 2008 )

12 Mar 2008 5548 Views

Next

Cisco User-Changeable Password Remote Buffer Overflow Vulnerabilities

14 Mar 2008 5698 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY