CVE-2008-1357

medium

Description

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

References

http://aluigi.altervista.org/adv/meccaffi-adv.txt

http://secunia.com/advisories/29337

http://securityreason.com/securityalert/3748

http://www.securityfocus.com/archive/1/489476/100/0/threaded

http://www.securityfocus.com/bid/28228

http://www.securitytracker.com/id?1019609

http://www.vupen.com/english/advisories/2008/0866/references

https://exchange.xforce.ibmcloud.com/vulnerabilities/41178

https://knowledge.mcafee.com/article/234/615103_f.sal_public.html

Details

Source: MITRE

Published: 2008-03-17

Updated: 2018-10-11

Type: CWE-134

Risk Information

CVSS v2

Base Score: 5.4

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 4.9

Severity: MEDIUM