Check Point Advisories

Update Protection against McAfee ePolicy Orchestrator Framework Services HTTP Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-127
Date Published: 9 May 2008
Severity: High
Last Updated: Monday 04 August, 2008
Source: Secunia Advisory: SA29637
Industry Reference:CVE-2008-1855
Protection Provided by:
Who is Vulnerable? McAfee ePolicy Orchestrator 4.0
Vulnerability Description A buffer overflow vulnerability was reported in the McAfee ePolicy Orchestrator (ePO) Framework Services. McAfee ePolicy Orchestrator is a central management system to enforce and monitor system security. A remote attacker could exploit this issue to execute arbitrary code on the affected system.
Update/Patch AvaliableApply patch:
McAfee Common Management Agent (CMA) 3.6.0 Patch 3 with HotFix 10
Vulnerability DetailsThe vulnerability is due to a boundary error in the Framework Services when handling malformed HTTP requests. To trigger this flaw, an attacker can specially craft a malicious request and send it to the target host. Successful exploitation of this issue may cause a denial of service condition allowing execution of arbitrary code on the vulnerable system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.