| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Oct 2006 03:55:37 +0200
From: "muts" <muts@...ote-exploit.org>
To: <full-disclosure@...ts.grok.org.uk>
Subject: McAfee EPO Buffer Overflow
###################################################################
# #
# McAfee Epolicy 3.5.0 / Protection Pilot 1.1.0 Buffer Overflow #
#
#
# www.remote-exploit.org
#
#
#
# muts {at} remote-exploit org #
###################################################################
[-] Product Information
McAfeeR ePolicy OrchestratorR is a security management solution that gives
you a coordinated defense against malicious threats and attacks. As your
central hub, you can keep protection up to date; configure and enforce
protection policies; and monitor security status from one centralized
console.
[-] Vulnerability Description
McAfeeR ePolicy OrchestratorR contains a pre-authentication buffer overflow
vulnerability in NAISERV.exe. Protection Pilot 1.1.0 uses the same HTTP
server, and is also vulnerable.
[-] Exploit
Proof of concept exploit code is available at
http://www.remote-exploit.org/exploits/mcafee_epolicy_source.pm
[-] Exploitation Details
http://www.remote-exploit.org/advisories/mcafee-epo.pdf
[-] Vendor Status
Vendor was notified July 14th, 2006. ehm.
[-] Credits
The vulnerability was discovered by Mati Aharoni (muts) and xbxice.
[-] Shameless Promotion
Get ready for BackTrack v.2.0!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists