McAfee E-Business Server Administration Client Length Remote DoS

medium Nessus Plugin ID 25091

Synopsis

The remote Windows host has an application that is affected by a denial of service vulnerability.

Description

McAfee E-Business Server, an enterprise tool for digitally encrypting and signing electronic files, is installed on the remote host.

The Administration Agent component of the version of McAfee E-Business Server installed on the remote host reportedly fails to validate the length taken from a packet header before using it to read input. An unauthenticated, remote attacker may be able to leverage this issue to crash the affected service, thereby denying service to legitimate users.

Solution

Upgrade to e-Business Server 8.5.2 or later.

See Also

http://www.nessus.org/u?d7940d78

https://seclists.org/bugtraq/2007/Apr/304

https://knowledge.mcafee.com/article/780/612751_f.SAL_Public.html

Plugin Details

Severity: Medium

ID: 25091

File Name: mcafee_ebsadmin_length_dos.nasl

Version: 1.20

Type: local

Agent: windows

Family: Windows

Published: 4/30/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:mcafee:common_management_agent

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 4/17/2007

Vulnerability Publication Date: 4/17/2007

Reference Information

CVE: CVE-2007-2151

BID: 23544