From: Ritchey, Gail (COT)
Sent: Tuesday, October 03, 2006 8:35 AM
To: COT Constitutional CIO Security Contacts; COT Cabinet CIO Security Contacts; COT Commonwealth Technology Council
Cc: COT Exchange Administrators; COT Security Alert Contacts; COT Security Contact COT-Support; COT Security Contact Pass; COT Security Contact Self-Support; COT Technical Contacts; SecurityContacts Group
Subject: Security Alert: McAfee ePO 3.5 Exploit
Attachments: Picture (Metafile)
COT Security Alert
McAfee ePolicy Orchestrator (McAfee ePO) is used by some Commonwealth of Kentucky agencies to manage end-user McAfee anti-virus clients.
The HTTP server components of McAfee ePolicy Orchestrator 3.5.0 and ProtectionPilot 1.1.0 are prone to a remote stack buffer-overflow vulnerability that can lead to complete system compromise. McAfee ePolicy Orchestrator 3.6 is not affected by the vulnerability.
A successful attack may result in arbitrary code execution with SYSTEM privileges, leading to a full compromise.
McAfee has released the Patch 6 download found at http://www.mcafee.com/apps/downloads/security_updates/hotfixes.asp?region=us&segment=enterprise to fix the vulnerability.
For more information, see this advisory on the McAfee ePolicy 3.5.0 / Protection Pilot 1.1.0 vulnerability by the BackTrack Development Team: http://www.remote-exploit.org/advisories/mcafee-epo.pdf
NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, software patches, etc. You should consult with your network administrator or other technical resources to ensure that the appropriate actions for these alerts are followed. If you are a network administrator and need additional information, please call the Help Desk at 502.564.7576.
Commonwealth Office of Technology
Office of Infrastructure Services
Division of Security Services
101 Cold Harbor Drive
Frankfort, KY 40601
COTSecurityServices@ky.gov
http://technology.ky.gov/security/