[funsec] EPO vulnerability
Blanchard_Michael at emc.com
Blanchard_Michael at emc.com
Wed Mar 14 13:42:09 CDT 2007
Just a heads up for those running McAfee's EPO, in case you haven't seen this yet:
A vulnerability has been discovered in McAfee ePolicy Orchestrator (ePO) 3.61. A successful exploit of these security flaws would allow an attacker to remotely execute arbitrary code on the machine running McAfee ePolicy Orchestrator (ePO) server or the ePO management console. In order for this attack to work, an attacker has to be assisted by a user either on the ePO server or a user on a machine with the ePO remote management console installed on it. One such way that a user on one of these machines could assist the attacker is by rendering a malicious web page through Microsoft's Internet Explorer (IE). The command execution by the attacker will be limited to the privileges of the user on the machine. The attack requires reverse engineering of ePO, establishing a malicious web page and the cooperation from an ePO user. This attack will not result in a privilege escalation above that of the user assisting the attack. The ePO 3.6.1 Patch 1 will not allow these attacks to be successful.
McAfee ePO 3.61 Patch 1 has been available via McAfee ServicePortal <https://mysupport.mcafee.com/eservice_enu/start.swe> since of February 21 of 2007. This update removes the risk associated with this security flaw.
*Frequently Asked Questions (FAQ) related to this security bulletin*
- Who is affected by this security vulnerability?
-- McAfee ePolicy Orchestrator 3.6.1 and earlier customers could be affected by this vulnerability. McAfee urges all customers to verify that they have received the latest updates.
- Does this vulnerability affect McAfee enterprise products?
-- Yes, only ePolicy Orchestrator Server 3.6.1 and earlier.
- How do I know if my ePO server is patched or not?
-- Log into the ePolicy Orchestrator console and verify if the server version is less than 18.104.22.168. Server version less than 22.214.171.124 are un-patched.
- What has McAfee done to resolve the issue?
-- McAfee believes in providing the most secure software to customers and has provided an update to this security flaw.
- Where do I download the fix from?
-- The fix can be downloaded from: https://mysupport.mcafee.com/eservice_enu/start.swe
-- User may need to provide the grant number to initiate the download.
- How does McAfee respond to this and any other security flaws?
-- McAfee's key priority is the security of its customers. In an event if a vulnerability is found within any of McAfee's software, a strong process is in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee is an active member of the Organization for Internet Safety (OIS) which is dedicated to developing guidelines and best practices for the reporting and fixing of software vulnerabilities.
Michael P. Blanchard
Antivirus / Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Office of Information Security & Risk Management
EMC ² Corporation
4400 Computer Dr.
Westboro, MA 01580
email: Blanchard_Michael at EMC.COM
More information about the funsec