03:23 PM
McAfee Patches Critical ePolicy Orchestrator Flaw

The flaw targets the HTTP server portion of the applications and can be triggered when an attacker sends an abnormally large source header in an HTTP request.

McAfee on Monday patched a buffer overflow vulnerability in its ePolicy Orchestrator and ProtectionPilot products that could enable remote attackers to execute code and gain control over an affected PC.

The flaw targets the HTTP server portion of the applications and can be triggered when an attacker sends an abnormally large source header in an HTTP request, according to a Symantec Deepsight Threat Management system bulletin issued Monday.

If certain ports are open and a firewall is not in place, an unpatched server could allow attackers to execute arbitrary code, David Coffey, principal security architect at McAfee, told CRN.
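The trigger the article describes is an HTTP request carrying an abnormally large header value. The following added example (my code, not McAfee's, Symantec's or CRN's) shows the defender-side check a reverse proxy or IDS rule in front of a management server could apply: parse the request head with bounded string handling and flag any header value above a size threshold. The threshold, the hostname and the sample requests are constructed for illustration; the page gives no exact sizes or port numbers.

```python
"""Flag HTTP requests whose header values are abnormally large.

Added example, not code from the article or from McAfee. It models the
defensive check a proxy or sensor can run before a request reaches a
management server's HTTP listener. MAX_HEADER_VALUE is a constructed
threshold, not a value taken from the page; tune it to observed traffic.
"""
from typing import Dict, List, Tuple

MAX_HEADER_VALUE = 1024  # constructed threshold (bytes of header value)


def parse_request(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an HTTP request head into request line and headers.

    Python strings grow as needed, so unlike a fixed C buffer the parse
    itself cannot overflow; the size policy is applied separately.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1", errors="replace")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue  # malformed header line: no colon, ignore it
        key = name.strip().decode("latin-1", errors="replace").lower()
        headers[key] = value.strip().decode("latin-1", errors="replace")
    return request_line, headers


def oversized_headers(headers: Dict[str, str],
                      limit: int = MAX_HEADER_VALUE) -> List[Tuple[str, int]]:
    """Return (header name, value length) for every value above the limit."""
    return [(name, len(value)) for name, value in headers.items()
            if len(value) > limit]


def triage(raw: bytes) -> dict:
    """Classify one request: suspicious if any header value exceeds the limit."""
    request_line, headers = parse_request(raw)
    bad = oversized_headers(headers)
    return {
        "request_line": request_line,
        "oversized": bad,
        "suspicious": bool(bad),
    }


# Constructed sample traffic: one ordinary request and one with a header
# value far above the threshold. Hostname and header contents are made up.
BENIGN = (b"GET /index.html HTTP/1.1\r\n"
          b"Host: mgmt.example.internal\r\n"
          b"Source: agent-01\r\n\r\n")
OVERSIZED = (b"GET /index.html HTTP/1.1\r\n"
             b"Host: mgmt.example.internal\r\n"
             b"Source: " + b"A" * 4096 + b"\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        result = triage(sample)
        print(label, "suspicious" if result["suspicious"] else "ok",
              result["oversized"])
```

In a real deployment the same length policy belongs in the web server or proxy configuration (most HTTP servers expose a maximum header size setting) and the flagged events go to the SIEM; the script is only the logic made explicit. Combined with the firewall restriction Coffey mentions, it limits exposure of an unpatched server until the vendor fix is applied.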

ePolicy Orchestrator (ePO) is security management software that provides a central console for managing McAfee enterprise security products. ProtectionPilot is software that monitors the network and automatically deploys security updates for desktop PCs, servers and e-mail systems.

Security researcher Mati Aharoni of the BackTrack Development Team discovered the vulnerability and notified McAfee on July 14.

Coffey acknowledged that McAfee was made aware of the flaw on July 14 but said the complexity of the patch and the need to conduct quality assurance prevented the Santa Clara, Calif.-based company from releasing a fix until Monday.

Exploitation of an ePO server could result in the compromise of every client system managed by that particular server, and attackers could leverage the flaw to push a new "update" file that contains a back door, according to HD Moore, director of security research at BreakingPoint Systems and developer of the open-source Metasploit vulnerability testing tool.

A Metasploit exploit module and a Python proof-of-concept have been published for the flaw, which affects McAfee ePO versions 3.5.0 patch 5 and older and ProtectionPilot versions 1.1.1 patch 2 and older.

Security firm Secunia rated the McAfee vulnerability as "moderately critical," or 3 on a 5-point scale. Symantec's Deepsight Threat Management team saw it as far more serious, assigning the flaw its highest rating of 10 on a 10-point scale.

In July, McAfee apologized for inadvertently patching a vulnerability in the agent software of ePO in an earlier update without informing customers.
