Directory Traversal Vulnerability in McAfee ePolicy Orchestrator
CVE-2006-3623

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator Agent
Vendor: CVE Published:; 18 July 2006

Summary

The vulnerability exists in the Framework Service component of the McAfee ePolicy Orchestrator agent version 3.5.0.x and earlier. By exploiting this flaw, remote attackers can manipulate the input to create arbitrary files on the server. This is accomplished using directory traversal techniques via the inclusion of '../' sequences in the directory and filename of a PropsResponse request. Such an exploit could jeopardize server integrity, allowing unauthorized access to sensitive files and potentially leading to further exploits.

References

http://www.eeye.com/html/research/advisories/AD20060713.html

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/27738

vdb-entryx_refsource_XF

http://secunia.com/advisories/21037

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 18, 2006
Vulnerability Reserved
Jul 14, 2006