Vulnerability Description
Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Agent | 4.0 |
| Mcafee | Cma | 3.0.6.453 |
| Mcafee | Epolicy Orchestrator | 4.0 |
| Mcafee | Mcafee Framework | 3.6.569 |
Related Weaknesses (CWE)
References
- http://aluigi.altervista.org/adv/meccaffi-adv.txtExploit
- http://secunia.com/advisories/29337Vendor Advisory
- http://securityreason.com/securityalert/3748
- http://www.securityfocus.com/archive/1/489476/100/0/threaded
- http://www.securityfocus.com/bid/28228Exploit
- http://www.securitytracker.com/id?1019609
- http://www.vupen.com/english/advisories/2008/0866/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41178
- https://knowledge.mcafee.com/article/234/615103_f.sal_public.html
- http://aluigi.altervista.org/adv/meccaffi-adv.txtExploit
- http://secunia.com/advisories/29337Vendor Advisory
- http://securityreason.com/securityalert/3748
- http://www.securityfocus.com/archive/1/489476/100/0/threaded
- http://www.securityfocus.com/bid/28228Exploit
- http://www.securitytracker.com/id?1019609
FAQ
What is CVE-2008-1357?
CVE-2008-1357 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows re...
How severe is CVE-2008-1357?
CVE-2008-1357 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1357?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Agent, Mcafee Cma, Mcafee Epolicy Orchestrator, Mcafee Mcafee Framework.