Lucene search

SAINT CorporationSAINT:F747E172FAB64CE523BF0FBB0F0ECFC4

HistoryOct 06, 2006 - 12:00 a.m.

McAfee HTTP header processing buffer overflow

2006-10-0600:00:00

SAINT Corporation

download.saintcorporation.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Added: 10/06/2006
CVE: CVE-2006-5156
BID: 20288
OSVDB: 29421

Background

McAfee ePolicy Orchestrator and Protection Pilot are centralized security management products. These products include an HTTP server implemented by the **NAISERV.exe** program.

Problem

A buffer overflow vulnerability in the McAfee HTTP server allows remote attackers to execute arbitrary commands by sending a request containing long source headers.

Resolution

Apply the patch referenced in Secunia advisory 22222.

References

<http://www.kb.cert.org/vuls/id/842452>

Limitations

Exploit works on McAfee Protection Pilot 1.1.0.

Platforms

Windows

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

JSON

Related for SAINT:F747E172FAB64CE523BF0FBB0F0ECFC4