McAfee Common Management Agent < 3.6.0.595 UDP Packet Handling Format String

high Nessus Plugin ID 31732

Synopsis

A security management service running on the remote host is affected by a remote code execution vulnerability.

Description

According to its banner, the version of McAfee Common Management Agent (CMA) running on the remote host is prior to 3.6.0.595. It is, therefore, affected by a flaw in the logDetail() function of applib.dll due to calling vsnwprintf() without the needed format string argument. An unauthenticated, remote attacker can exploit this, via a specially crafted UDP packet, to cause a denial of service condition or the execution of arbitrary code. This issue only occurs when the debug level is set to 8 (the highest level but not the default). Note that Nessus has not checked the debug level setting, only the version number in the agent's banner.

Solution

Apply Hotfix BZ398370 Build 595 for McAfee Common Management Agent version 3.6.0 Patch 3.

See Also

http://aluigi.altervista.org/adv/meccaffi-adv.txt

https://www.securityfocus.com/archive/1/archive/1/489476/100/0/threaded

Plugin Details

Severity: High

ID: 31732

File Name: mcafee_cma_3_6_0_595.nasl

Version: 1.26

Type: remote

Family: CGI abuses

Published: 4/3/2008

Updated: 1/19/2021

Configuration: Enable paranoid mode

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.5

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:W/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:mcafee:common_management_agent, cpe:/a:mcafee:epolicy_orchestrator

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/14/2008

Vulnerability Publication Date: 3/12/2008

Reference Information

CVE: CVE-2008-1357

BID: 28228

Secunia: 29337

EDB-ID: 31399

CWE: 134