I have some questions about plugin 22494 and the following from a scan:

Arbitrary code can be executed on the remote host due to a flaw in the web service.

Description :
The remote host is running McAfee ePolicy Orchestrator web service. The remote version of this software is vulnerable to a Stack Overflow vulnerability. An unauthenticated attacker can exploit this flaw by sending a specialy crafted packet to the remote host. A successful exploitation of this vulnerability would result in remote code execution with the privileges of the SYSTEM.

See Also : http://www.remote-exploit.org/advisories/mcafee-epo.pdf
Solution: Install ePO 3.5.0 Path 6.
Risk Factor : Critical / CVSS Base Score : 10 (AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2006-5156, CVE-2006-5156, CVE-2006-5156
BID : 20288, 20288, 20288
Other references : OSVDB:29421
Plugin ID : 22494

The plugin looks for "string:rootfile) + "\NaiMServ.Exe";" then determines the version number:

    if ( (version[0] < 4) ||
         (version[0] == 3 && version[1] <= 5) ||
         (version[0] == 3 && version[1] == 5 && version[2] == 0 && version[3] < 715) )

If the version number is less than 3.5.0.715, it generates the above comments and says the solution is to install 3.5.0 patch 6.

I manually verified the version of NaiMServ.exe and it was at 3.5.0.723, which is 3.5.0 patch 7.

Is the plugin triggering a false positive because the version is greater than 715 and it does not know how to handle that?

Thanks in advance

John
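
Added example (not part of the original post and not the plugin's own NASL code): the condition as quoted in the message, evaluated clause by clause in Python against a few constructed version strings, next to a field-by-field comparison with 3.5.0.715. It assumes the condition is transcribed accurately in the post; all function names are hypothetical.

```python
# Added example: the version test exactly as quoted in the post, beside a
# plain "older than 3.5.0.715" comparison. Sample versions are constructed.

FIXED = (3, 5, 0, 715)  # build threshold that appears in the quoted condition


def parse_version(text):
    """Turn '3.5.0.723' into (3, 5, 0, 723); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected four numeric fields, got {text!r}")
    return tuple(int(p) for p in parts)


def quoted_condition(version):
    """Return the truth value of each of the three clauses quoted in the post."""
    return [
        version[0] < 4,
        version[0] == 3 and version[1] <= 5,
        version[0] == 3 and version[1] == 5 and version[2] == 0
        and version[3] < 715,
    ]


def is_older_than_fixed(version, fixed=FIXED):
    """Field-by-field (lexicographic) comparison against the threshold build."""
    return tuple(version) < tuple(fixed)


def explain(text):
    """Summarise how both tests treat one file version string."""
    version = parse_version(text)
    clauses = quoted_condition(version)
    return {
        "version": text,
        "quoted_flags": any(clauses),
        "clauses_true": [i + 1 for i, hit in enumerate(clauses) if hit],
        "older_than_fixed": is_older_than_fixed(version),
    }


if __name__ == "__main__":
    # Constructed samples around the threshold, including the reported 3.5.0.723.
    for sample in ("3.5.0.714", "3.5.0.715", "3.5.0.723", "3.6.0.100", "4.0.0.1"):
        print(explain(sample))
```

For 3.5.0.723 the first two clauses of the quoted condition are true, while the field-by-field comparison against 3.5.0.715 is false.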
