CVE-2002-0690
CVSS 10.0
Published: 2003-04-11 00:00:00
Last modified: 2008-09-05 16:28:41

[Original] Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings.


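[CNNVD] McAfee ePolicy Orchestrator HTTP GET Request Remote Format String Vulnerability (CNNVD-200304-078)

McAfee Security ePolicy Orchestrator is an enterprise-level anti-virus management tool. Through policy-driven configuration and reporting, ePolicy Orchestrator manages the anti-virus tools for user desktops and services.
ePolicy Orchestrator has a vulnerability in the way it handles network requests. A remote attacker can exploit this vulnerability to carry out a format string attack and may be able to execute arbitrary commands on the system with SYSTEM privileges.
An attacker can search for the anti-virus firewall and connect to TCP port 8081. Sending a GET request that contains format string characters causes the service to crash, and the event is recorded in the log file. Carefully constructed request data may execute arbitrary commands on the system with SYSTEM privileges.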

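- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]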

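- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0690
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0690
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-078
(Official data source) CNNVD

- Other links and resources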

http://www.securityfocus.com/bid/7111
(VENDOR_ADVISORY)  BID  7111
http://www.atstake.com/research/advisories/2003/a031703-1.txt
(VENDOR_ADVISORY)  ATSTAKE  A031703-1
http://xforce.iss.net/xforce/xfdb/11559
(UNKNOWN)  XF  epolicy-get-format-string(11559)
http://www.securityfocus.com/archive/1/archive/1/315230/30/25490/threaded
(UNKNOWN)  BUGTRAQ  20030317 McAfee ePolicy Orchestrator Format String Vulnerability (a031703-1)
http://www.osvdb.org/4375
(UNKNOWN)  OSVDB  4375
http://secunia.com/advisories/8311
(UNKNOWN)  SECUNIA  8311

- Vulnerability information

McAfee ePolicy Orchestrator HTTP GET Request Remote Format String Vulnerability
Critical  Design error
2003-04-11 00:00:00 2005-10-20 00:00:00
Remote
        
        

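- Advisories and patches

Vendor patch:
McAfee
------
The vendor has provided a patch, but it cannot be downloaded directly; the patch is sent by e-mail. Contact information:

http://www.nai.com/naicommon/aboutnai/contact/intro.asp#software-support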

- Vulnerability information

4375
McAfee ePolicy Orchestrator HTTP GET Request Remote Format String
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability description

Network Associates ePolicy Orchestrator contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the way the software handles network requests. If an attacker supplies a specially crafted GET request format string they may be able to execute arbitrary code with SYSTEM privileges or crash the service.

- Timeline

2003-03-17 2002-05-01
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Network Associates has released a patch to address this vulnerability.

- Related references

- Vulnerability credit

- Vulnerability information

McAfee ePolicy Orchestrator HTTP GET Request Format String Vulnerability
Design Error 7111
Yes No
2003-03-17 12:00:00 2009-07-11 09:06:00
The discovery of this vulnerability has been credited to @stake.

- Affected program versions

McAfee ePolicy Orchestrator 2.5.1

- Vulnerability discussion

A format string vulnerability has been discovered in the McAfee ePolicy Orchestrator Agent. The issue occurs when processing HTTP GET requests that contain format specifiers. The successful exploitation of this vulnerability may allow an attacker to execute arbitrary commands with SYSTEM privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

It has been reported that a patch for this issue has been developed. Information on how to obtain this fix is available in the attached @stake advisory.

- Related references

     

     
