Vulnerability Name:

CVE-2006-3623 (CCN-27738)

Assigned:2006-07-13
Published:2006-07-13
Updated:2018-10-18
Summary:Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-3623

Source: CCN
Type: SA21037
McAfee ePolicy Orchestrator Directory Traversal Vulnerability

Source: SECUNIA
Type: Vendor Advisory
21037

Source: CCN
Type: SECTRACK ID: 1016501
McAfee ePolicy Orchestrator Input Validation Error in `PropsResponse` Command Lets Remote Users Write Arbitrary Files

Source: SECTRACK
Type: UNKNOWN
1016501

Source: CCN
Type: eEye Digital Security Advisory AD20060713
McAfee ePolicy Orchestrator Remote Compromise

Source: MISC
Type: Exploit
http://www.eeye.com/html/research/advisories/AD20060713.html

Source: OSVDB
Type: UNKNOWN
27158

Source: CCN
Type: OSVDB ID: 27158
McAfee ePolicy Orchestrator /spipe/pkg Traversal Arbitrary File Write

Source: BUGTRAQ
Type: UNKNOWN
20060714 EEYE: McAfee ePolicy Orchestrator Remote Compromise

Source: BID
Type: UNKNOWN
18979

Source: CCN
Type: BID-18979
McAfee EPolicy Orchestrator Framework Service Directory Traversal Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2006-2796

Source: XF
Type: UNKNOWN
epolicy-epo-directory-traversal(27738)

Source: XF
Type: UNKNOWN
epolicy-epo-directory-traversal(27738)

Source: CCN
Type: McAfee Web site
McAfee, Inc. -- Downloads -- Upgrades

Vulnerable Configuration:Configuration 1:
  • cpe:/a:mcafee:epolicy_orchestrator_agent:*:*:*:*:*:*:*:* (Version <= 3.5.0)

  • Configuration CCN 1:
  • cpe:/a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:mcafee:epolicy_orchestrator:3.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:mcafee:epolicy_orchestrator:3.0:sp2a:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    mcafee epolicy orchestrator agent *
    mcafee epolicy orchestrator 2.5.1
    mcafee epolicy orchestrator 2.0
    mcafee epolicy orchestrator 2.5
    mcafee epolicy orchestrator 3.0
    mcafee epolicy orchestrator 2.5 sp1
    mcafee epolicy orchestrator 3.5.0
    mcafee epolicy orchestrator 3.0 sp2a