Security News Format String Vulnerability in McAfee
| Format String Vulnerability in McAfee |
 |
 |
| Written by Rebecca Mints |
| Thursday, 13 March 2008 16:21 |
|
A vulnerability has been discovered in McAfee ePolicy Orchestrator that causes a DoS. It was discovered by Luigi Auriemma. A format string error is the method of deployment for this vulnerability, due to an error within the McAfee Framework Service (FrameworkService.exe). It can be exploited through carefully crafted packets containing format string specifiers sent to default port 8082/UDP. Arbitrary code may be executed and exploitation crashes the McAfee Framework. The vulnerability has been confirmed in McAfee ePolicy Orchestrator version 4.0.0 (build 1015) and includes FrameworkService.exe version 3.6.0.569. Others may also be susceptible. A suggested solution to the problem is to restrict network access to the service. REFERENCES: Secunia.com McAfee ePolicy Orchestrator Framework Service Format String Vulnerability |