McAfee Multiple Product /spipe/pkg/ Source Header Overflow

2006-10-02T11:34:08
ID OSVDB:29421
Type osvdb
Reporter Moti Joseph(), Mati Aharoni(muts@whitehat.co.il)
Modified 2006-10-02T11:34:08

Description

Vulnerability Description

A remote overflow exists in ePolicy Orchestrator and ProtectionPilot. The product fails to handle requests to /spipe/pkg/ with a long source header resulting in a buffer overflow. With a specially crafted request, an attacker can execute remote arbitrary code resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, McAfee has released a patch to address this vulnerability.

Short Description

A remote overflow exists in ePolicy Orchestrator and ProtectionPilot. The product fails to handle requests to /spipe/pkg/ with a long source header resulting in a buffer overflow. With a specially crafted request, an attacker can execute remote arbitrary code resulting in a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt Vendor Specific News/Changelog Entry: http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt Security Tracker: 1016970 Security Tracker: 1016971 Secunia Advisory ID:22222 Other Advisory URL: http://www.remote-exploit.org/advisories/mcafee-epo.pdf Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0018.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0029.html ISS X-Force ID: 29307 FrSIRT Advisory: ADV-2006-3861 CVE-2006-5156 CERT VU: 842452 Bugtraq ID: 20288