Vulnerability with an unquoted service path in SiteAdvisor Enterprise 3.5
Technical Articles ID: KB77190
Last Modified: 3/31/2015

Environment

McAfee SiteAdvisor Enterprise (SAE) 3.5

Problem

An attacker can create a malicious program and place it at C:\Program.exe. When the SAE service starts, Windows launches the malicious program instead of the SAE program, because of the way Windows resolves the unquoted executable path. Services typically start with SYSTEM privileges.

For more information on this kind of vulnerability, see http://www.commonexploits.com/?p=658.

Cause

The service path for the SAE service is not in double quotes.
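
The following audit check is an added example, not McAfee code or part of the hotfix. It flags service ImagePath values that are unquoted and contain a space, and lists the earlier locations Windows would try, so an administrator can quote the path and confirm those locations are not writable by unprivileged users. The service names and paths are constructed samples, and the ".exe" boundary detection is a simplifying assumption; real values would be read from HKLM\SYSTEM\CurrentControlSet\Services.

```python
import re

# Constructed sample ImagePath values (not taken from the article).
SAMPLE_SERVICES = {
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Agent\svc.exe" -run',
    "ExampleUnquoted": r'C:\Program Files\Example Vendor\Agent\svc.exe -run',
    "ExampleNoSpaces": r'C:\Windows\System32\svchost.exe -k netsvcs',
}

# Assumption: the executable ends at the first ".exe" followed by
# whitespace or end of string; anything after it is arguments.
_EXE_END = re.compile(r'\.exe(?=\s|$)', re.IGNORECASE)


def executable_part(image_path):
    """Return the executable portion of an unquoted ImagePath."""
    match = _EXE_END.search(image_path)
    return image_path[:match.end()] if match else image_path


def earlier_candidates(image_path):
    """Paths Windows tries before the intended binary.

    For an unquoted path, each space is treated as a possible end of the
    executable name, and ".exe" is appended when no extension is present.
    Returns an empty list when the path is quoted or has no spaces.
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []
    exe = executable_part(path)
    candidates = []
    for index, char in enumerate(exe):
        if char != ' ':
            continue
        prefix = exe[:index]
        if not prefix or prefix.endswith(' '):
            continue  # skip runs of consecutive spaces
        if not prefix.lower().endswith('.exe'):
            prefix += '.exe'
        candidates.append(prefix)
    return candidates


def audit(services):
    """Map each at-risk service name to the locations that need review."""
    return {name: found for name, path in services.items()
            if (found := earlier_candidates(path))}
```
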

Solution

This issue is resolved with Hotfix 809552 for SAE 3.5 Patch 1. This hotfix roll-up is available from the Product Downloads site.
 
McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Workaround

To resolve this issue without installing the hotfix, use the fix attached to this article.

To install the fix locally:
  1. Create a temporary folder.
  2. Download the attached file (saeeedk_1000.zip) to the temporary folder.
  3. Extract the contents of the downloaded file to the temporary folder.
  4. Double-click SAEHotFixApp.exe. This fixes the path issue.
     
To install the fix using ePolicy Orchestrator:
  1. Create a temporary folder.
  2. Download the attached file (saeeedk_1000.zip) to the temporary folder.
  3. Extract the contents of the downloaded file to the temporary folder.
  4. Check in the downloaded package.
  5. Create a new ePolicy Orchestrator Agent Update task, and set the schedule to Run Immediately.
  6. Perform an Agent Wakeup call to send the new update task to your clients and apply the fix. This fixes the path issue.

    NOTE: If you prefer, you can reschedule an existing ePolicy Orchestrator Agent Update task to deploy the fix.

Attachment

saeeedk_1000.zip