Lucene search

MitreCVE-2008-1357

HistoryMar 17, 2008 - 5:44 p.m.

CVE-2008-1357

2008-03-1717:44:00

CWE-134

mitre

web.nvd.nist.gov

cve-2008-1357

format string vulnerability

mcafee cma

denial of service

execute arbitrary code

remote attack

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

7.7

Confidence

High

EPSS

0.827

Percentile

98.5%

JSON

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

Affected configurations

Nvd

Node

mcafeeagentMatch4.0

mcafeecmaMatch3.0.6.453

mcafeecmaMatch3.5.5.438

mcafeecmaMatch3.6.438

mcafeecmaMatch3.6.453

mcafeecmaMatch3.6.546

mcafeecmaMatch3.6.574

mcafeeepolicy_orchestratorMatch4.0

mcafeemcafee_frameworkMatch3.6.569

VendorProductVersionCPE
mcafeeagent4.0cpe:2.3:a:mcafee:agent:4.0:*:*:*:*:*:*:*
mcafeecma3.0.6.453cpe:2.3:a:mcafee:cma:3.0.6.453:*:*:*:*:*:*:*
mcafeecma3.5.5.438cpe:2.3:a:mcafee:cma:3.5.5.438:*:*:*:*:*:*:*
mcafeecma3.6.438cpe:2.3:a:mcafee:cma:3.6.438:*:*:*:*:*:*:*
mcafeecma3.6.453cpe:2.3:a:mcafee:cma:3.6.453:*:*:*:*:*:*:*
mcafeecma3.6.546cpe:2.3:a:mcafee:cma:3.6.546:*:*:*:*:*:*:*
mcafeecma3.6.574cpe:2.3:a:mcafee:cma:3.6.574:*:*:*:*:*:*:*
mcafeeepolicy_orchestrator4.0cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:*:*:*:*:*:*:*
mcafeemcafee_framework3.6.569cpe:2.3:a:mcafee:mcafee_framework:3.6.569:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mcafee	agent	4.0	cpe:2.3:a:mcafee:agent:4.0:::::::*
mcafee	cma	3.0.6.453	cpe:2.3:a:mcafee:cma:3.0.6.453:::::::*
mcafee	cma	3.5.5.438	cpe:2.3:a:mcafee:cma:3.5.5.438:::::::*
mcafee	cma	3.6.438	cpe:2.3:a:mcafee:cma:3.6.438:::::::*
mcafee	cma	3.6.453	cpe:2.3:a:mcafee:cma:3.6.453:::::::*
mcafee	cma	3.6.546	cpe:2.3:a:mcafee:cma:3.6.546:::::::*
mcafee	cma	3.6.574	cpe:2.3:a:mcafee:cma:3.6.574:::::::*
mcafee	epolicy_orchestrator	4.0	cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:::::::*
mcafee	mcafee_framework	3.6.569	cpe:2.3:a:mcafee:mcafee_framework:3.6.569:::::::*

References

aluigi.altervista.org/adv/meccaffi-adv.txt

secunia.com/advisories/29337

securityreason.com/securityalert/3748

www.securityfocus.com/archive/1/489476/100/0/threaded

www.securityfocus.com/bid/28228

www.securitytracker.com/id?1019609

www.vupen.com/english/advisories/2008/0866/references

exchange.xforce.ibmcloud.com/vulnerabilities/41178

knowledge.mcafee.com/article/234/615103_f.sal_public.html

CVSS2

5.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:N/I:N/A:C

AI Score

7.7

Confidence

High

EPSS

0.827

Percentile

98.5%

JSON

Related for CVE-2008-1357