---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: ePolicy Orchestrator / ProtectionPilot Insecure Directory Permissions SECUNIA ADVISORY ID: SA16410 VERIFY ADVISORY: http://secunia.com/advisories/16410/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: McAfee ePolicy Orchestrator 3.x http://secunia.com/product/1943/ McAfee ProtectionPilot 1.x http://secunia.com/product/5538/ DESCRIPTION: Reed Arvin has reported a security issue in ePolicy Orchestrator, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to insecure file permissions on the "C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db" directory, which is used as the web root for the Agent web server running with SYSTEM privilege. This can be exploited to access arbitrary files by creating a subdirectory under the "Db" directory and linking it to a directory containing files that the user wants access to. The following products are affected: * ePolicy Orchestrator 3.0 SP2 * ePolicy Orchestrator 3.5 * ProtectionPilot 1.1 SOLUTION: Reportedly, the vendor will be releasing CMA 3.5 patch 4 to address this issue no later than 2005-08-19. See vendor's advisory for suggested workaround. PROVIDED AND/OR DISCOVERED BY: Reed Arvin ORIGINAL ADVISORY: McAfee: http://knowledgemap.nai.com/KanisaSupportSite/search.do?cmd=displayKC&docType=kc&externalId=KBkb42216xml&language=en_US Reed Arvin: http://reedarvin.thearvins.com/20050811-01.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------