| VID |
22370 |
| Severity |
30 |
| Port |
8081 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The ePolicy orchestrator, according to its version number, has a local information disclosure vulnerability. Network Associates McAfee ePolicy Orchestrator is an antivirus program management tool for Microsoft Windows operating systems. McAfee ePolicy Orchestrator version 3.5.0 patch 3 is vulnerable to a local information disclosure vulnerability. This issue is due to incorrectly configured directory permissions in the default installation process of the application. A local attacker could exploit this vulnerability to access arbitrary files located in the same partition as the affected directory with SYSTEM privileges. This will aid them in further attacks.
* Note: This check solely relied on the version number of the McAfee ePolicy Orchestrator installed on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://reedarvin.thearvins.com/20050811-01.html
http://tinyurl.com/8tm9m
http://archives.neohapsis.com/archives/bugtraq/2005-08/0168.html
* Platforms Affected:
NAI, McAfee ePolicy Orchestrator 3.5.0 Patch 3
Microsoft Windows Any version |
| Recommendation |
Apply CMA 3.5 Patch 4 or upgrade the Common Management Agent component, as listed in Solution ID kb42216 at http://knowledgemap.nai.com/KanisaSupportSite/search.do;jsessionid=AFF7A156A6D66FE1C9A0733AFEC48435?cmd=displayKC&docType=kc&externalId=KBkb42216xml&language=en_US |
| Related URL |
CVE-2005-2554 (CVE) |
| Related URL |
14549 (SecurityFocus) |
| Related URL |
21796 (ISS) |
|
