A stack-based buffer overflow exists in the McAfee HTTP server that may allow a remote, unauthenticated attacker to execute arbitrary code.
The McAfee HTTP server (NAISERV.exe) is used in McAfee products, such as McAfee ePolicy Orchestrator and Protection Pilot. The McAfee HTTP Server is vulnerable to a stack-based buffer overflow that can be triggered by sending the server a malformed HTTP packet.
More information is available in McAfee Security Bulletin 8611438.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply a patch
Limit Access to the McAfee HTTP Server
This issue was reported by muts.
This document was written by Jeff Gennari.
|Date First Published:||2006-10-05|
|Date Last Updated:||2006-10-05 11:21 UTC|