McAfee HTTP header processing buffer overflow

Added: 10/06/2006
CVE: CVE-2006-5156
BID: 20288
OSVDB: 29421

Background

McAfee ePolicy Orchestrator and Protection Pilot are centralized security management products. These products include an HTTP server implemented by the NAISERV.exe program.

Problem

A buffer overflow vulnerability in the McAfee HTTP server allows remote attackers to execute arbitrary commands by sending a request containing long source headers.

Resolution

Apply the patch referenced in Secunia advisory 22222.

References

http://www.kb.cert.org/vuls/id/842452

Limitations

Exploit works on McAfee Protection Pilot 1.1.0.

Platforms

Windows
