Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Format string in McAfee Framework 3.6.0.569 (ePolicy Orchestrator 4.0)
From: greentea-lemon@xxxxxxxxxxxxxxxx
Date: Mon, 17 Mar 2008 16:35:17 -0000 (GMT)
Cc: neodwija@xxxxxxxxx
Importance: Normal
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: SquirrelMail/1.4.3a

** McAfee Security Bulletin - Common Management Agent 3.6.0 format string
vulnerability with debug level set to 8 **

https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=615103&sliceId=SAL_Public

This knowledgebase article shows the following versions as vulnerable:

CMA 3.6.0.574 (Patch3) or earlier
McAfee Agent (MA) 4.0

You need to change the debug level of the CMA product before you are at
risk (as defined in the knowledgebase article).

Prev by Date: Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities
Next by Date: VLC highlander bug
Previous by thread: Mutiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities
Next by thread: VLC highlander bug
Index(es):
- Date
- Thread