製品・ソフトウェアに関する情報

JVN脆弱性詳細

ePolicy Orchestrator で使用される McAfee CMA におけるフォーマットストリングの脆弱性

Title	ePolicy Orchestrator で使用される McAfee CMA におけるフォーマットストリングの脆弱性
Summary	ePolicy Orchestrator で使用される McAfee Common Management Agent (CMA) の applib.dll の logDetail 関数には、フォーマットストリングの脆弱性が存在します。
Possible impacts	第三者により、UDP ポート 8082 への AgentWakeup リクエストの sender フィールド内のフォーマット文字列指定子を介して、サービス運用妨害 (クラッシュ) 状態にされる、または任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 17, 2008, midnight
Registration Date	Sept. 25, 2012, 5:16 p.m.
Last Update	Sept. 25, 2012, 5:16 p.m.

Affected System

マカフィー

McAfee Agent

McAfee Common Management Agent 3.6.0.574 およびそれ以前

McAfee ePolicy Orchestrator 4.0.0 build 1015

mcafee framework

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-1357	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1357
National Vulnerability Database (NVD)
2	CVE-2008-1357	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1357

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-134	https://jvndb.jvn.jp/ja/cwe/CWE-134.html

ベンダー情報

No	Name	URL
McAfee
1	ePolicy Orchestrator	http://www.mcafee.com/japan/products/epolicy_orchestrator.asp

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-1357

Summary	Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent (CMA) 3.6.0.574 (Patch 3) and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in a sender field in an AgentWakeup request to UDP port 8082. NOTE: this issue only exists when the debug level is 8.
Summary	Vulnerabilidad en el formato de cadena en la función logDetail de applib.dlld en McAfee Common Management Agent (CMA) 3.6.0.574 (Parche 3) y anteriores, como se utiliza en ePolicy Orchestrator 4.0.0 build 1015, permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de formatos de especificadores de formatos de cadena en un fichero de envío en una solicitud AgentWakeup en el puerto 8082. NOTA: esta vulnerabilidad sólo sucede cuando se está en un nivel 8 de depuración.
Publication Date	March 18, 2008, 2:44 a.m.
Registration Date	Jan. 29, 2021, 1:33 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mcafee:agent:4.0:::::::*
cpe:2.3:a:mcafee:cma:3.0.6.453:::::::*
cpe:2.3:a:mcafee:cma:3.5.5.438:::::::*
cpe:2.3:a:mcafee:cma:3.6.438:::::::*
cpe:2.3:a:mcafee:cma:3.6.453:::::::*
cpe:2.3:a:mcafee:cma:3.6.546:::::::*
cpe:2.3:a:mcafee:cma:3.6.574:::::::*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:::::::*
cpe:2.3:a:mcafee:mcafee_framework:3.6.569:::::::*

Related information, measures and tools

No	URL	refsource
1	http://aluigi.altervista.org/adv/meccaffi-adv.txt	cve@mitre.org
2	http://secunia.com/advisories/29337	cve@mitre.org
3	http://securityreason.com/securityalert/3748	cve@mitre.org
4	http://www.securityfocus.com/archive/1/489476/100/0/threaded	cve@mitre.org
5	http://www.securityfocus.com/bid/28228	cve@mitre.org
6	http://www.securitytracker.com/id?1019609	cve@mitre.org
7	http://www.vupen.com/english/advisories/2008/0866/references	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/41178	cve@mitre.org
9	https://knowledge.mcafee.com/article/234/615103_f.sal_public.html	cve@mitre.org
10	http://aluigi.altervista.org/adv/meccaffi-adv.txt	af854a3a-2127-422b-91ae-364da2661108
11	http://secunia.com/advisories/29337	af854a3a-2127-422b-91ae-364da2661108
12	http://securityreason.com/securityalert/3748	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/489476/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/28228	af854a3a-2127-422b-91ae-364da2661108
15	http://www.securitytracker.com/id?1019609	af854a3a-2127-422b-91ae-364da2661108
16	http://www.vupen.com/english/advisories/2008/0866/references	af854a3a-2127-422b-91ae-364da2661108
17	https://exchange.xforce.ibmcloud.com/vulnerabilities/41178	af854a3a-2127-422b-91ae-364da2661108
18	https://knowledge.mcafee.com/article/234/615103_f.sal_public.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-134	書式文字列の問題	https://cwe.mitre.org/data/definitions/134.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mcafee:agent:4.0:::::::*
cpe:2.3:a:mcafee:cma:3.0.6.453:::::::*
cpe:2.3:a:mcafee:cma:3.5.5.438:::::::*
cpe:2.3:a:mcafee:cma:3.6.438:::::::*
cpe:2.3:a:mcafee:cma:3.6.453:::::::*
cpe:2.3:a:mcafee:cma:3.6.546:::::::*
cpe:2.3:a:mcafee:cma:3.6.574:::::::*
cpe:2.3:a:mcafee:epolicy_orchestrator:4.0:::::::*
cpe:2.3:a:mcafee:mcafee_framework:3.6.569:::::::*