McAfee Framework ePolicy 3.x - Orchestrator '_naimcomn_Log' Remote Format String Vulnerability

2014-07-01T00:00:00
ID SSV:84729
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/28228/info

McAfee Framework is prone to a remote format-string vulnerability.

Exploiting this issue will allow attackers to execute arbitrary code with the permissions of the framework or of an application that uses the framework. Failed attacks will likely cause denial-of-service conditions.
McAfee Common Managemetn Agent 3.6.0.574 (Patch3) or earlier, McAfee Agent (MA) 4.0, Framework 2.6.0.569 and ePolicy Orchestrator 4.0 are vulnerable to this issue; other versions may also be affected.

NOTE: This issue occurs only when the default debug level (7) is raised to 8. 

http://www.exploit-db.com/sploits/31399.zip