Nov 05 2007

MuZumbu

McAfee E-Business Server Moderately critical Vulnerability

Posted at 1:03 pm under Secunia

Secunia Advisory: SA26372  
Release Date: 2007-10-31
 
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
 
Software: McAfee e-Business Server 8.x
 
CVE reference: CVE-2007-2957 (Secunia mirror)
 
 
 
Description:
Secunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by an integer overflow within the e-Business administration utility service when parsing authentication packets. This can be exploited to cause a heap-based buffer overflow via a specially crafted authentication packet with an overly large length value.

Successful exploitation allows execution of arbitrary code.
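
The bug class described above, shown as an added example in C that is not Secunia's or McAfee's code: the 32-bit size arithmetic that wraps, next to a length-prefixed parser that caps and cross-checks the length before allocating. The wire format (4-byte big-endian length prefix), the 4096-byte cap, the sample packets and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical wire format (assumption, not the product's protocol):
 * 4-byte big-endian payload length followed by the payload. */
#define HDR_LEN      4u
#define MAX_AUTH_LEN 4096u   /* assumed policy cap on an auth payload */

/* The flawed arithmetic: 32-bit "length + 1" wraps to 0 for 0xFFFFFFFF,
 * so the buffer is tiny while a later copy still uses the full length. */
uint32_t unchecked_alloc_size(uint32_t len) { return len + 1u; }

/* Hardened parse: returns a NUL-terminated heap copy of the payload,
 * or NULL if the packet is malformed. Caller frees. */
uint8_t *parse_auth_packet(const uint8_t *pkt, size_t pkt_len, size_t *out_len)
{
    if (pkt == NULL || out_len == NULL || pkt_len < HDR_LEN) return NULL;
    uint32_t len = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
                   ((uint32_t)pkt[2] << 8)  |  (uint32_t)pkt[3];
    if (len > MAX_AUTH_LEN) return NULL;        /* cap before any arithmetic */
    if (len > pkt_len - HDR_LEN) return NULL;   /* must fit the bytes received */
    uint8_t *buf = malloc((size_t)len + 1u);    /* cannot wrap: len <= 4096 */
    if (buf == NULL) return NULL;
    memcpy(buf, pkt + HDR_LEN, len);
    buf[len] = '\0';
    *out_len = len;
    return buf;
}

/* Constructed samples: one well-formed packet, one with an oversized length. */
static const uint8_t GOOD_PKT[] = { 0, 0, 0, 5, 'a', 'd', 'm', 'i', 'n' };
static const uint8_t HUGE_PKT[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'A', 'A' };

/* Returns the parsed payload length, or -1 if the packet was rejected. */
long check_packet(const uint8_t *pkt, size_t pkt_len)
{
    size_t n = 0;
    uint8_t *p = parse_auth_packet(pkt, pkt_len, &n);
    if (p == NULL) return -1;
    free(p);
    return (long)n;
}

int main(void)
{
    printf("good=%ld huge=%ld\n", check_packet(GOOD_PKT, sizeof GOOD_PKT),
           check_packet(HUGE_PKT, sizeof HUGE_PKT));
    return 0;
}
```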

Solution:
Update to E-Business Server 8.5.3 for Solaris or E-Business Server 8.1.2 for Linux/HP-UX/AIX.

NOTE: The Windows version is not affected.

Provided and/or discovered by:
Dyon Balding, Secunia Research.
