[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-1357Date: (C)2008-03-17   (M)2023-12-22


Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.4
Exploit Score: 4.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1019609
http://www.securityfocus.com/archive/1/489476/100/0/threaded
BID-28228
SECUNIA-29337
SREASON-3748
ADV-2008-0866
http://aluigi.altervista.org/adv/meccaffi-adv.txt
https://knowledge.mcafee.com/article/234/615103_f.sal_public.html
mcafee-framework-format-string(41178)

CPE    1
cpe:/a:mcafee:epolicy_orchestrator:4.0
CWE    1
CWE-134

© SecPod Technologies