funsec mailing list archives
EPO vulnerability
From: Blanchard_Michael () emc com
Date: Wed, 14 Mar 2007 14:42:09 -0400
Just a heads up for those running McAfee's EPO, in case you haven't seen this yet:

A vulnerability has been discovered in McAfee ePolicy Orchestrator (ePO) 3.61. A successful exploit of these security flaws would allow an attacker to remotely execute arbitrary code on the machine running McAfee ePolicy Orchestrator (ePO) server or the ePO management console.

In order for this attack to work, an attacker has to be assisted by a user either on the ePO server or a user on a machine with the ePO remote management console installed on it. One such way that a user on one of these machines could assist the attacker is by rendering a malicious web page through Microsoft's Internet Explorer (IE). The command execution by the attacker will be limited to the privileges of the user on the machine.

The attack requires reverse engineering of ePO, establishing a malicious web page and the cooperation from an ePO user. This attack will not result in a privilege escalation above that of the user assisting the attack. The ePO 3.6.1 Patch 1 will not allow these attacks to be successful.

McAfee ePO 3.61 Patch 1 has been available via McAfee ServicePortal <https://mysupport.mcafee.com/eservice_enu/start.swe> since February 21, 2007. This update removes the risk associated with this security flaw.

*Frequently Asked Questions (FAQ) related to this security bulletin*

- Who is affected by this security vulnerability?
-- McAfee ePolicy Orchestrator 3.6.1 and earlier customers could be affected by this vulnerability. McAfee urges all customers to verify that they have received the latest updates.

- Does this vulnerability affect McAfee enterprise products?
-- Yes, only ePolicy Orchestrator Server 3.6.1 and earlier.

- How do I know if my ePO server is patched or not?
-- Log into the ePolicy Orchestrator console and verify if the server version is less than 3.6.1.202. Server versions less than 3.6.1.202 are unpatched.

- What has McAfee done to resolve the issue?
-- McAfee believes in providing the most secure software to customers and has provided an update to this security flaw.

- Where do I download the fix from?
-- The fix can be downloaded from: https://mysupport.mcafee.com/eservice_enu/start.swe
-- User may need to provide the grant number to initiate the download.

- How does McAfee respond to this and any other security flaws?
-- McAfee's key priority is the security of its customers. In the event that a vulnerability is found within any of McAfee's software, a strong process is in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for Internet Safety (OIS) which is dedicated to developing guidelines and best practices for the reporting and fixing of software vulnerabilities.

Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC² Corporation
4400 Computer Dr.
Westboro, MA 01580
Office: (508)898-7102
Cell: (508)958-2780
Pager: (877)552-3945
email: Blanchard_Michael () EMC COM

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
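
The version check from the FAQ above, applied to a list of servers, as an added example that is not part of the original post or of McAfee's bulletin. The hostnames and version strings are constructed, and treating a version reported without a build number as build 0 is an assumption made here; only the 3.6.1.202 threshold comes from the bulletin.

```python
# Added example: flag ePO servers whose reported version is below the
# patched build named in the bulletin's FAQ (3.6.1.202).
PATCHED_BUILD = (3, 6, 1, 202)  # threshold taken from the bulletin

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "epo-east": "3.6.1.166",
    "epo-west": "3.6.1.202",
    "epo-lab": "3.6.1.1000",  # a plain string comparison sorts this below .202
    "epo-old": "3.5.0.720",
    "epo-dr": "3.6.1",        # build number missing from the report
    "epo-unknown": "n/a",     # nothing usable reported
}


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if unparseable."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    numbers = [int(p) for p in parts]
    # Assumption: a missing component counts as 0, so a host that reports
    # only "3.6.1" stays flagged until its full build number is confirmed.
    return tuple(numbers + [0] * (4 - len(numbers)))


def classify(text):
    """Return 'patched', 'unpatched' or 'unknown' for one version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    # Tuples compare component by component as integers, so 1000 > 202.
    return "unpatched" if version < PATCHED_BUILD else "patched"


def audit(inventory):
    """Map each host to its patch status."""
    return {host: classify(ver) for host, ver in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:12} {status}")
```

Hosts classified as unknown need the manual console check the FAQ describes.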