Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| E-business_server | Mcafee | * | 8.1.1 (including) |
| E-business_server | Mcafee | * | 8.5.2 (including) |
References
- http://secunia.com/advisories/26372
- http://secunia.com/secunia_research/2007-69/advisory/
- http://securitytracker.com/id?1018878
- http://www.securityfocus.com/bid/26269
- http://www.vupen.com/english/advisories/2007/3663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38175
- https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614035\u0026sliceId=SAL_Public\u0026command=show\u0026forward=nonthreadedKC\u0026kcId=614035
- http://secunia.com/advisories/26372
- http://secunia.com/secunia_research/2007-69/advisory/
- http://securitytracker.com/id?1018878
- http://www.securityfocus.com/bid/26269
- http://www.vupen.com/english/advisories/2007/3663
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38175
- https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614035\u0026sliceId=SAL_Public\u0026command=show\u0026forward=nonthreadedKC\u0026kcId=614035