
Friday, July 13, 2007

(McAfee) several security vulnerabilities with Common Management Agent (CMA) 3.6.0 and earlier versions

McAfee, Inc. has been notified of several security vulnerabilities that could affect McAfee Common Management Agent (CMA) 3.6.0 and earlier versions. A successful exploit of this security flaw would allow an attacker to corrupt the memory of a machine that is running the McAfee Common Management Agent.
McAfee’s key priority is the security of its customers and it takes the quality of its software very seriously. McAfee has been extremely proactive in this area and has a dedicated team managed by a leading industry expert that incorporates tools and knowledge throughout the product development organization.
In the event that a vulnerability is found within any of McAfee’s software, it has a strong process in place to work closely with the relevant security research group to ensure the rapid and effective development of a fix and communication plan. McAfee has alerted its customers of the security flaw and has asked them to verify that they have received the latest updates by visiting the support site at or calling 00800 6247 7463.
For more information on this security vulnerability, please visit
What to do
Overview: Download the appropriate CMA patch binaries and update CMA.
Obtaining the Binaries:
Installation Requirements: To use this release, you must have ePolicy Orchestrator 3.5, ePolicy Orchestrator 3.6, or ePolicy Orchestrator 3.6.1, ProtectionPilot 1.1.1, or ProtectionPilot 1.5 installed on the computer you intend to update with this release.
Installation steps:
1. Create a temporary folder on the hard drive of the ePolicy Orchestrator server.
2. Extract the CMA3601.ZIP file to the temporary folder that you created in Step 1.
Checking the Agent Package Into The Master Repository.
You cannot check in packages while pull or replication tasks are executing.
1. Log on to the desired ePolicy Orchestrator server using a global administrator user account.
2. In the console tree under “ePolicy Orchestrator,” select “Repository”.
3. In the details pane under “AutoUpdate Tasks,” click “Check in package.” The “Check in package” wizard appears.
4. Click “Next” to open the package type dialog box.
5. Select “Products or updates,” then click “Next.” The catalog file dialog box appears.
6. Select the package catalog (PKGCATALOG.Z) file from the temporary folder you created in Step 1 of “Installation Steps.” You can type the path to this file, or click “Browse” to select it, and click “Next.” The summary dialog box appears.
7. Click “Finish” to check in the package.
8. Click “Close” after the package has been checked in.
The new agent package is automatically created.
McAfee apologizes for any unintended impact to customers as a result of this published vulnerability. We take the research and the quality of our products extremely seriously. We know that our ability to protect our customers quickly in the event of an outbreak depends largely on their confidence in our work. We are committed to maintaining this trust every day and will do everything in our control to mitigate this problem now and in the future.
If you have any questions or concerns, please refer to the web pages above for additional information.
