CVE-2008-1357

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.

Published: Mar 17, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1357
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.4
AV:N/AC:H/Au:N/C:N/I:N/A:C

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
mcafee / mcafee_framework	3.6.569	3.6.569.x
mcafee / cma	3.6.453	3.6.453.x
mcafee / cma	3.0.6.453	3.0.6.453.x
mcafee / epolicy_orchestrator	4.0	4.0.x
mcafee / cma	3.5.5.438	3.5.5.438.x
mcafee / agent	4.0	4.0.x
mcafee / cma	3.6.574	3.6.574.x
mcafee / cma	3.6.438	3.6.438.x
mcafee / cma	3.6.546	3.6.546.x

http://aluigi.altervista.org/adv/meccaffi-adv.txt
http://secunia.com/advisories/29337
http://securityreason.com/securityalert/3748
http://www.securityfocus.com/archive/1/489476/100/0/threaded
http://www.securityfocus.com/bid/28228
http://www.securitytracker.com/id?1019609
http://www.vupen.com/english/advisories/2008/0866/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41178
https://knowledge.mcafee.com/article/234/615103_f.sal_public.html

Vulnerability Database

289,689

CVE-2008-1357