McAfee EPolicy Orchestrator和ProtectionPilot HTTP Server远程缓冲区溢出漏洞

2006-10-27T00:00:00
ID SSV:178
Type seebug
Reporter Root
Modified 2006-10-27T00:00:00

Description

McAfee Security ePolicy Orchestrator是一款企业级反病毒管理工具。

ePolicy Orchestrator及ProtectionPilot所带的HTTP Server在处理用户请求时存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。

ePolicy Orchestrator及ProtectionPilot在处理HTTP请求中的超长Source头选项数据时存在缓冲区溢出,远程攻击者可能通过超长的精心构造的数据溢出缓冲区执行任意指令。 0 McAfee ePolicy Orchestrator <= 3.5 patch 5 McAfee ProtectionPilot 1.1.1 McAfee ProtectionPilot 1.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.zip http://download.nai.com/products/patches/ePO/v3.5/EPO3506.zip

                                        
                                            
                                                ##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# l