INFIGO-2008-01-06.txt

INFIGO-2008-01-06.txt: Posted Jan 9, 2008; Authored by Leon Juranic | Site infigo.hr; INFIGO IS Security Advisory #ADV-2008-01-06 - The McAfee E-Business Server versions 8.5.2 and below suffer from a pre-authentication code execution and denial of service vulnerability.; tags | advisory, denial of service, code execution; SHA-256 | 7129afa195fe0c40d1247cd6d401cf701a55ca378c31f5c79339a620eade8866; Download | Favorite | View

INFIGO-2008-01-06.txt


                 INFIGO IS Security Advisory #ADV-2008-01-06
                                  http://www.infigo.hr/en/




Title: McAfee E-Business Server Remote Preauth Code Execution / DoS
Advisory ID: INFIGO-2008-01-06
Date: 2008-01-09
Advisory URL: http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-01-06
Impact: Remote code execution
Risk Level: High
Vulnerability Type: Remote




==[ Overview

McAfee E-Business Server guards sensitive corporate data with
industry-standard
PGP 128-bit encryption and authentication. McAfee E-Business Server supports
a
variety of platforms and security certificates.



==[ Vulnerability

During an audit of McAfee E-Business Server, we have discovered a
vulnerability
in the administration interface (TCP port 1718).
It is possible to crash McAfee E-Business Server during the authentication
process.
When a malformed (oversized) initial authentication packet is sent to
E-Business Server,
the server will crash, and will have to be manually restarted.

A malformed authentication packet is shown below:
"\x01\x3f\x2f\x05\x25\x2a" + "A" * 69953

McAfee further researched the vulnerability and confirmed that it allows an
attacker
to also remotely execute code.



==[ Affected Version

The vulnerability has been identified in the latest available McAfee
E-Business Server 8.5.2, and it was successfully tested on Windows and Linux
platforms.
Previous versions are believed to be vulnerable as well.



==[ Fix

The vendor has addressed this vulnerability with E-Business server patch
update
on January 8th, 2008.

Vendor advisory and update link:
https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472



==[ PoC Exploit

http://www.infigo.hr/files/mcafee2.pl



==[ Vendor status

11.28.2007 - Initial contact
11.29.2007 - Initial vendor response
11.30.2007 - Vendor response
12.03.2007 - Vendor status update
12.10.2007 - Vendor status update
12.17.2007 - Vendor status update
01.07.2008 - Vendor status update
01.09.2008 - Coordinated public disclosure



==[ Credits

Vulnerability discovered by Leon Juranic <leon.juranic@infigo.hr>.



==[ INFIGO IS Security Contact

INFIGO IS,

WWW : http://www.infigo.hr/en/
E-mail : infocus@infigo.hr

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 157 files
Jay Turla 150 files
Ubuntu 68 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,136)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,775)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

INFIGO-2008-01-06.txt

INFIGO-2008-01-06.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

INFIGO-2008-01-06.txt

Share This

INFIGO-2008-01-06.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems