McAfee Common Management Agent FrameworkService.exe denial of service
mcafee-cma-frameworkservice-dos (41597)
Description:
The McAfee Common Management Agent, as used by multiple McAfee products, is vulnerable to a denial of service, caused by an error in FrameworkService.exe. By sending a specially crafted request to TCP port 8081, a remote attacker could crash the application.
Platforms Affected:
- McAfee, Common Management Agent 3.6.0
- McAfee, ePolicy Orchestrator 3.6.0
- McAfee, ePolicy Orchestrator 3.6.1
- McAfee, ePolicy Orchestrator 4.0
- McAfee, ProtectionPilot 1.5
Remedy:
Refer to McAfee Security Alert Document ID: 615324 for patch, upgrade or suggested workaround information. See References.
Consequences:
Denial of Service
References:
- McAfee Security Alert Document ID: 615324, McAfee Security Bulletin - CMA HTTP Request DoS vulnerability at https://knowledge.mcafee.com/article/219/615324_f.SAL_Public.html.
- McAfee Web site, McAfee ePolicy Orchestrator at http://www.mcafee.com/us/enterprise/products/system_security_management/epolicy_orchestrator.html.
- BID-28573: McAfee Common Management Agent 'FrameworkService.exe' Remote Denial of Service Vulnerability
- CVE-2008-1855: FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
- FrSIRT/ADV-2008-1122: McAfee Common Management Agent Denial of Service Vulnerability
- SA29637: McAfee Common Management Agent Framework Service Denial of Service
- SECTRACK ID: 1019794: McAfee ePolicy Orchestrator Common Management Agent Memory Bug Lets Remote Users Deny Service
Reported:
Apr 02, 2008
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
