eEye Digital Security has discovered a serious flaw within the Framework Service component of the McAfee EPO management console. The Framework service is enabled and running by default on all servers and agents. The framework service listens by default on port 8081 and accepts requests over the HTTP protocol. The framework service allows for remotely submitting configuration and update changes. Each request is encrypted, SHA-1 hashed and DSA signed, and written to a file on disk. Due to a directory traversal attack, it is possible to write any file with any contents to anywhere on the remote system. This flaw allows a remote attacker to anonymously compromise an affected system and execute code within the SYSTEM context. Systems affected are McAfee Common Management (EPO) Agent versions below version 3.5.5.438.
e8932eda7f9807583c185c48202c7d94d5af0ec25e49315aa830489d37bd37ed