Vulnerability with an unquoted service path in SiteAdvisor Enterprise 3.5
Technical Articles ID:
KB77190
Last Modified: 3/31/2015
Last Modified: 3/31/2015
Vulnerability with an unquoted service path in SiteAdvisor Enterprise 3.5
Technical Articles ID:
KB77190
Last Modified: 3/31/2015 EnvironmentMcAfee SiteAdvisor Enterprise (SAE) 3.5
ProblemAn attacker can create a malicious program and place it at C:\Program.exe. When you start the SAE service, it launches the malicious program instead of the SAE program by misusing the Windows executable path resolution. Services typically start with the SYSTEM privilege.
For more information on this kind of vulnerability, see http://www.commonexploits.com/?p=658. CauseThe service path for the SAE service is not in double quotes.
SolutionThis issue is resolved with Hotfix 809552 for SAE 3.5 Patch 1. This hotfix roll-up is available from the Product Downloads site.
McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: https://www.mcafee.com/enterprise/en-us/downloads/my-products.html.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download Enterprise product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. WorkaroundTo resolve this issue without installing the hotfix, use the fix attached to this article.
To install the fix locally:
To install the fix using ePolicy Orchestrator:
AttachmentAffected ProductsGlossary of Technical Terms |
|