lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <3412.77.97.214.178.1205771717.TkMUQ2hZT098Rx0X.squirrel@77.97.214.178> Date: Mon, 17 Mar 2008 16:35:17 -0000 (GMT) From: greentea-lemon@...eyonder.co.uk To: bugtraq@...urityfocus.com Cc: neodwija@...il.com Subject: Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0) ** McAfee Security Bulletin - Common Management Agent 3.6.0 format string vulnerability with debug level set to 8 ** https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=615103&sliceId=SAL_Public This knowledgebase article shows the following versions as vulnerable: CMA 3.6.0.574 (Patch3) or earlier McAfee Agent (MA) 4.0 You need to change the debug level of the CMA product before you are at risk (as defined in the knowledgebase article).