McAfee Security Bulletin - CMA HTTP Request DoS vulnerability
1. SUMMARY Who should read this document: Technical and Security Personnel Impact of Vulnerability: Remote Crash in Common Management Agent (CMA) Severity Rating: Medium Overall CVSS Rating: 2.3 Recommendations: Ensure that CMA is configured to communicate only with ePO servers. Security Bulletin Replacement: None Caveats: None Affected Software: CMA 126.96.36.1994 (Patch3) or earlier
2. DESCRIPTION A successful exploit of the security flaw would allow an attacker to corrupt the memory of a computer that is running McAfee Common Management Agent. Corruption of this memory may lead to a crash of the CMA Framework Service. Successfully exploiting the vulnerability is quite complicated and requires several steps of reverse engineering of the software as well as generating a custom crafted network attack. Large amounts of specifically formatted data would have to be sent to the CMA agent on TCP port 8081 for this attack to be successful. After successfully installing the HotFix, the issue will no longer exist.
This exploit is only effective in Managed mode installations (CMA deployed and managed by ePO or PrP) because the ports are open. Standalone (unmanaged) installations of CMA are NOT affected by this vulnerability because the ports are not open.
3. REMEDIATION McAfee is developing HotFix 10 to resolve this issue. There is no target release date at this time, but expect the amount of time to be similar to CMA 3.6.0 HotFix 8 (For more details see 615103). This HotFix took about a week after the vulnerability was announced to be posted on the McAfee download server.