CVE-2006-3623 - Directory Traversal vulnerability in McAfee ePolicy Orchestrator Agent 3.5.0
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | CGI abuses |
NASL id | MCAFEE_CMA_DIR_TRAVERSAL.NASL |
description | According to its banner, the McAfee Common Management Agent (CMA) running on the remote host is affected by a directory traversal vulnerability in the Framework Service component due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to write arbitrary files outside of the web path. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22046 |
published | 2006-07-14 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22046 |
title | McAfee Common Management Agent Traversal Arbitrary File Write |
References
- http://secunia.com/advisories/21037
- http://securitytracker.com/id?1016501
- http://www.eeye.com/html/research/advisories/AD20060713.html
- http://www.osvdb.org/27158
- http://www.securityfocus.com/archive/1/440077/100/0/threaded
- http://www.securityfocus.com/bid/18979
- http://www.vupen.com/english/advisories/2006/2796
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27738