Register | Forget Password | Login
Search :
SecurityReason

News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research
WLB

WLB Database

Send to WLB

About WLB
RSS

News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP
Corporate

Contact

About us
Services

SecurePHP
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Details : SecurityAlert

  Topic : Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)
  SecurityAlert : 3748
  CVE : CVE-2008-1357
  SecurityRisk : High  alert  (About)
  Remote Exploit : Yes
  Local Exploit : Yes
  Exploit Given : Yes
  Credit : Luigi Auriemma
  Published : 17.03.2008

  Affected Software : McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)



  Advisory Text :  

#######################################################################

Luigi Auriemma

Application: McAfee Framework
(implemented in McAfee ePolicy Orchestrator 4.0

http://www.mcafee.com/us/enterprise/products/system_security_management/
epolicy_orchestrator.html)
Versions: <= 3.6.0.569
Platforms: Windows
Bug: format string in _naimcomn_Log
Exploitation: remote
Date: 12 Mar 2008
Author: Luigi Auriemma
e-mail: aluigi (at) autistici (dot) org [email concealed]
web: aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

McAfee Framework is a framework used for building various services for
the McAfee products.
These services include HTTP servers and agents implemented, for
example, in McAfee ePolicy Orchestrator and possibly other products.

#######################################################################

======
2) Bug
======

The logDetail function of applib.dll (which is just a link to
naimcomn_LogDetailW -> _naimcomn_Log in nailog2.dll) is used for adding
new log entries and is affected by a format string vulnerability caused
by the calling of vsnwprintf without the needed format argument.

In McAfee ePolicy Orchestrator this vulnerability can be exploited
through the sending of a simple UDP packet with a malformed sender,
package or computer field. The output log file Agent_HOSTNAME.log is
located in the Db folder.

#######################################################################

===========
3) The Code
===========

http://aluigi.org/poc/meccaffi.zip

#######################################################################

======
4) Fix
======

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org





  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

*BSD libc (strfmon) Multiple vulnerabilities

high- 2008-03-25

Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems.
Apache rss

» Apache Tomcat <=
   6.0.18 UTF8 Directory
   Traversal Vulnerability

» Apache Tomcat information
   disclosure vulnerability

» Apache Tomcat XSS
   vulnerability

» Apache-SSL memory
   disclosure
PHP rss

» PHP 5.2.6 chdir(),ftok()
   (standard ext) safe_mode
   bypass

» PHP 5.2.6 posix_access()
   (posix ext) safe_mode
   bypass

» PHP 5.2.5 and prior :
   *printf() functions
   Integer Overflow

» PHP 5.2.5 cURL safe_mode
   bypass
Copyright © SecurityReason. All Rights Reserved.