I have some questions about plugin 22494 and the following from a scan;
Arbitrary code can be executed on the remote host due to a flaw in the web
service.
Description :
The remote host is running McAfee ePolicy Orchestrator web service. The remote
version of this software is vulnerable to a Stack Overflow vulnerability.
An unauthenticated attacker can exploit this flaw by sending a specialy crafted
packet to the remote host. A successful exploitation of this vulnerability
would result in remote code execution with the
privileges of the SYSTEM.
See Also :
http://www.remote-exploit.org/advisories/mcafee-epo.pdf
Solution:
Install ePO 3.5.0 Path 6.
Risk Factor :
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2006-5156, CVE-2006-5156, CVE-2006-5156
BID : 20288, 20288, 20288
Other references : OSVDB:29421
Plugin ID : 22494
The plugin looks for "string:rootfile) + "\NaiMServ.Exe";"
then determines the version number
if ( (version[0] < 4) ||
(version[0] == 3 && version[1] <= 5) ||
(version[0] == 3 && version[1] == 5 && version[2] == 0 && version[3] < 715) )
If the version number is less than 3.5.0.715 it generates the above commints
and says the solution is to install 3.5.0 patch 6.
I manually verified the version of NaiMServ.exe and it was at 3.5.0.723, which
is 3.5.0.patch 7. Is the plugin triggering a false postive because the version
is greater then 715 and it does not know how to handle that?
Thanks in advance
John
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
