-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief May 10, 2004
McAfee ePolicy Orchestrator Remote Compromise Vulnerability Synopsis: ISS X-Force has discovered a vulnerability in the McAfee ePolicy Orchestrator software. ePolicy Orchestrator (ePO) enables the enterprise management of all manner of security software, from virus and vulnerability scanners to personal firewalls. The affected versions of ePO server contain a flaw that can lead to arbitrary code execution on vulnerable systems. Impact: Attackers may remotely exploit this vulnerability to gain Administrator access to any vulnerable ePO server. In addition to the server, this vulnerability can be used to gain access to ePO agent systems. The ePO server is commonly used to distribute enterprise-wide updates for security software, and as such this vulnerability opens up the potential for enterprise-wide exploitation in certain configurations. For the complete X-Force Advisory, please visit: http://xforce.iss.net/xforce/alerts/id/173 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforceiss.net for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force xforceiss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQJ/VGzRfJiV99eG9AQH/3gP+O45IvM0keZnWBkXXWw5iUozmXhLODQVy DmvrMgMYfyfM/ZnFGSW0etkXZ8DFqYGJD23c4+iOFHDZI/qy7quRwuJr3o9CpUyP 29Y0i2wZgU/0x6FPi+8Q+bhIkikegn6pEJ/+9OTOPvqVqC/YoCWK6oQRb/W/HUtX pM0bJ8ikYEk= =bPYG -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
