Vulnerability with an unquoted service path in SiteAdvisor Enterprise 3.5

Technical Articles ID: KB77190
Last Modified: 3/31/2015

Environment

McAfee SiteAdvisor Enterprise (SAE) 3.5

Problem

An attacker can create a malicious program and place it at C:\Program.exe. When you start the SAE service, it launches the malicious program instead of the SAE program by misusing the Windows executable path resolution. Services typically start with the SYSTEM privilege.

For more information on this kind of vulnerability, see http://www.commonexploits.com/?p=658.

Cause

The service path for the SAE service is not in double quotes.

Solution

This issue is resolved with Hotfix 809552 for SAE 3.5 Patch 1. This hotfix roll-up is available from the Product Downloads site.

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Workaround

To resolve this issue without installing the hotfix, use the fix attached to this article.

To install the fix locally:

Create a temporary folder.
Download the attached file (saeeedk_1000.zip) to the temporary folder.
Extract the contents of the downloaded file to the temporary folder.
Double-click SAEHotFixApp.exe. This fixes the path issue.

To install the fix using ePolicy Orchestrator:

Create a temporary folder.
Download the attached file (saeeedk_1000.zip) to the temporary folder.
Extract the contents of the downloaded file to the temporary folder.
Check in the downloaded package.
Create a new ePolicy Orchestrator Agent Update task, and set the schedule to Run Immediately.
Perform an Agent Wakeup call to send the new update task to your clients and apply the fix. This fixes the path issue.

NOTE: If you prefer, you can reschedule an existing ePolicy Orchestrator Agent Update task to deploy the fix.

Attachment

saeeedk_1000.zip
47K • < 1 minute @ broadband

Affected Products

Known Issue/Product Defect
SiteAdvisor Enterprise 3.5

Glossary of Technical Terms

Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.

Knowledge Center

Environment

Problem

Cause

Solution

Workaround

Attachment

Affected Products

Glossary of Technical Terms

Title

Title

Featured Solutions

Explore Our Portfolio

Security Outcomes

Industries

Products

Featured Solutions

Explore Our Portfolio

MVISION Products

Services & Training

Threat Research

Our Researchers

Threat Landscape Dashboard

Tools

Contact Us

Resources

Downloads

Product Help

Connect with Us

Explore

Our Company

Our Efforts

Other Resources

Careers

Partnerships

Knowledge Center

Environment

Problem

Cause

Solution

Workaround

Attachment

Affected Products

Glossary of Technical Terms

Choose your region

Title

Title