HTTP: McAfee Server Header Overflow
This signature detects attempts to exploit a known vulnerability against several McAfee system security management products. It is due to improper boundary checks when parsing HTTP request header fields. A successful unauthenticated remote attacker can execute arbitrary code with System level privileges.
Extended Description
The HTTP server component of McAfee ePolicy Orchestrator and ProtectionPilot is prone to a remote stack-based buffer-overflow vulnerability that can lead to complete system compromise. This issue arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers. A successful attack may result in arbitrary code execution with SYSTEM privileges, leading to a full compromise. McAfee ePolicy Orchestrator 3.5.0 patch 5 and prior versions as well as ProtectionPilot 1.1.1 patch 2 and prior versions are vulnerable to this issue.
Affected Products
Mcafee protectionpilot
References
BugTraq: 20288
CVE: CVE-2006-5156
URL: http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803 http://download.nai.com/products/patches/protectionpilot/v1.1.1/prp1113.txt
Short Name
HTTP:MISC:MCAFFEE-SRV-HDR
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-5156 Header McAfee Overflow Server bid:20288
Release Date
10/17/2006
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Mcafee
CVSS Score
10.0