EPO vulnerability

[Blanchard_Michael () emc com]

 Just a heads up for those running McAfee's EPO, in case you haven't seen this yet:


A vulnerability has been discovered in McAfee ePolicy Orchestrator (ePO) 3.61.  A successful exploit of these security 
flaws would allow an attacker to remotely execute arbitrary code on the machine running McAfee ePolicy Orchestrator 
(ePO) server or the ePO management console.  In order for this attack to work, an attacker has to be assisted by a user 
either on the ePO server or a user on a machine with the ePO remote management console installed on it.  One such way 
that a user on one of these machines could assist the attacker is by rendering a malicious web page through Microsoft's 
Internet Explorer (IE).  The command execution by the attacker will be limited to the privileges of the user on the 
machine.  The attack requires reverse engineering of ePO, establishing a malicious web page and the cooperation from an 
ePO user. This attack will not result in a privilege escalation above that of the user assisting the attack.  The ePO 
3.6.1 Patch 1 will not allow these attacks!
  to be successful.
 
McAfee ePO 3.61 Patch 1 has been available via McAfee ServicePortal 
<https://mysupport.mcafee.com/eservice_enu/start.swe> since of February 21 of 2007.  This update removes the risk 
associated with this security flaw.


*Frequently Asked Questions (FAQ) related to this security bulletin*
 - Who is affected by this security vulnerability? 
 -- McAfee ePolicy Orchestrator 3.6.1 and earlier customers could be affected by this vulnerability. McAfee urges all 
customers to verify that they have received the latest updates.
 - Does this vulnerability affect McAfee enterprise products? 
 -- Yes, only ePolicy Orchestrator Server 3.6.1 and earlier.
 - How do I know if my ePO server is patched or not?
 -- Log into the ePolicy Orchestrator console and verify if the server version is less than 3.6.1.202. Server version 
less than 3.6.1.202 are un-patched.
 - What has McAfee done to resolve the issue? 
 -- McAfee believes in providing the most secure software to customers and has provided an update to this security flaw.
 - Where do I download the fix from?
 -- The fix can be downloaded from: https://mysupport.mcafee.com/eservice_enu/start.swe
 -- User may need to provide the grant number to initiate the download.
 - How does McAfee respond to this and any other security flaws? 
 -- McAfee's key priority is the security of its customers. In an event if a vulnerability is found within any of 
McAfee's software, a strong process is in place to work closely with the relevant security research group to ensure the 
rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for 
Internet Safety (OIS) which is dedicated to developing guidelines and best practices for the reporting and fixing of 
software vulnerabilities.




Michael P. Blanchard 
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management 
EMC ² Corporation 
4400 Computer Dr. 
Westboro, MA 01580 
Office: (508)898-7102      
Cell:     (508)958-2780 
Pager:  (877)552-3945 
email:  Blanchard_Michael () EMC COM 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.