McAfee HTTP header processing buffer overflow

2006-10-06T00:00:00
ID SAINT:EB31E830B833F019A5EBFD618DC22CB1
Type saint
Reporter SAINT Corporation
Modified 2006-10-06T00:00:00

Description

Added: 10/06/2006
CVE: CVE-2006-5156
BID: 20288
OSVDB: 29421

Background

McAfee ePolicy Orchestrator and Protection Pilot are centralized security management products. These products include an HTTP server implemented by the **NAISERV.exe** program.

Problem

A buffer overflow vulnerability in the McAfee HTTP server allows remote attackers to execute arbitrary commands by sending an HTTP request containing long source headers.

Resolution

Apply the patch referenced in Secunia advisory 22222.

References

<http://www.kb.cert.org/vuls/id/842452>

Limitations

Exploit works on McAfee Protection Pilot 1.1.0.

Platforms

Windows