I have to scan Nessus reports that both reported that: The remote host is
running ePolicy Orchestrator / ProtectionPilot, a system security management
solution from McAfee.
According to its banner, the Common Management Agent (CMA) associated with
ePolicy Orchestrator / ProtectionPilot on the remote host can be used by local
users to view files residing on the same partition as the affected application
with LocalSystem level privileges by creating symbolic links in the agent's web
root directory. This may enable them to read files to which they would not
otherwise have access.
See Also :
http://reedarvin.thearvins.com/20050811-01.html
http://www.nessus.org/u?4bed00fb
Solution:
Apply CMA 3.5 Patch 4 as described in the vendor's advisory.
Risk Factor :
Low / CVSS Base Score : 2
(AV:L/AC:L/Au:NR/C:C/A:N/I:N/B:N)
CVE : CVE-2005-2554, CVE-2005-2554
BID : 14549, 14549
Plugin ID : 19552
Problem
One workstation has EPO Agent Version 3.5.5.580 the other has EPO Agent Version
3.5.5.438
# There's a problem if ...
if (
# it looks like EPO and...
'<?xml-stylesheet type="text/xsl" href="FrameworkLog.xsl"?>' >< res &&
egrep(string:res, pattern:"^ +<Log component=.+</Log") &&
# the version is below 3.5.0.508 (ie, 3.5.0 patch 4)
egrep(string:res, pattern:"^ +<version>3\.([0-4]\..*|5\.0\.([0-4].*|50[0-7]))<")
) {
security_note(port);
}
If I'm reading the above code correct, this plug in should not have reported
that the versions were below 3.5.0.508
Thank you in advance --John
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
