McAfee ePolicy Orchestrator HTTP POST spipe/file Handler Arbitrary File Creation

2004-04-23T07:26:32
ID OSVDB:5626
Type osvdb
Reporter Ben Layer()
Modified 2004-04-23T07:26:32

Description

Vulnerability Description

McAfee ePolicy Orchestrator contains a flaw that may allow a malicious user to execute arbitrary code with system privileges. The flaw is due to the server not properly sanitizing HTTP POST requests. If an attacker supplies a specially crafted request, they may be able to create arbitrary files. With the right files, it is possible to create an installation package that would be executed under some circumstances, allowing arbitrary commands and files to be run with the privileges of the ePo server.

Solution Description

Upgrade to version 2.5.1 Patch 14 or higher or 3.0 SP2a Patch 4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

McAfee ePolicy Orchestrator contains a flaw that may allow a malicious user to execute arbitrary code with system privileges. The flaw is due to the server not properly sanitizing HTTP POST requests. If an attacker supplies a specially crafted request, they may be able to create arbitrary files. With the right files, it is possible to create an installation package that would be executed under some circumstances, allowing arbitrary commands and files to be run with the privileges of the ePo server.

References:

Vendor Specific Solution URL: http://download.nai.com/products/patches/ePO/v2.x/EPO25114.zip Vendor Specific Solution URL: http://download.nai.com/products/patches/ePO/v3.0/EPO3024.ZIP Vendor Specific Advisory URL Secunia Advisory ID:11471 Other Advisory URL: http://xforce.iss.net/xforce/alerts/id/173 Keyword: TCP Port 81 Keyword: EPO25114 EPO3024 ISS X-Force ID: 14166 CVE-2004-0038 Bugtraq ID: 10200