Alerts
Alerts
Zero-Day Tracker
Common Name:
McAfee Network Agent
Date Disclosed:
10/12/2006
Date Patched:
11/7/2006
Vendor:
McAfee
Application:
McAfee Internet Security Suite 2006
McAfee Personal Firewall Plus 7.x/2006
McAfee VirusScan 10.x/2006
Description:
A vulnerabiliy exists within the McAfee Network Agent which may cause a Denial of Service or potentially remote code execution. The McAfee Network Agent (mcnasvc.exe) is a remotely accessible agent on multiple McAfee product installations.
Severity:
High
Code Execution:
Potential Code Execution - Unverified
Impact:
Potential Code Execution - Unverified
This vulnerability allows for a remote attacker to easily cause a denial of service on the mcnasvc.exe service, disallowing remote management of the McAfee installation. Execution of arbitrary code has not been demonstrated, but may be possible.
Mitigation:
The vulnerability has been silently fixed and distributed through McAfee's update service within the products. eEye recommends that all customers update their McAfee products as soon as possible to mitigate this vulnerability.
Originally, the only form of mitigation for this vulnerability is to deny service to the McAfee Network Agent, typically assigned to port tcp/6646.
Protection:
Links:
CVE-2006-5417
First Public PoC Code Disclosure (Denial of Service)
Status:
12/1/2006: eEye Research Update
This vulnerability has been shown to be silently fixed in the latest version available through updating. There is no vendor information regarding the vulnerability. To verify that the vulnerability has been remediated, you can review the version of %programfiles%\common files\mcafee\mna\McNASvc.exe. eEye has not verified all versions, but can verify that version 1.1.110.0 released on November 7th, 2006 is not vulnerable.
Common Name:
McAfee Network Agent
Date Disclosed:
10/12/2006
Date Patched:
11/7/2006
Vendor:
McAfee
Application:
McAfee Internet Security Suite 2006
McAfee Personal Firewall Plus 7.x/2006
McAfee VirusScan 10.x/2006
Description:
A vulnerabiliy exists within the McAfee Network Agent which may cause a Denial of Service or potentially remote code execution. The McAfee Network Agent (mcnasvc.exe) is a remotely accessible agent on multiple McAfee product installations.
Severity:
High
Code Execution:
Potential Code Execution - Unverified
Impact:
Potential Code Execution - Unverified
This vulnerability allows for a remote attacker to easily cause a denial of service on the mcnasvc.exe service, disallowing remote management of the McAfee installation. Execution of arbitrary code has not been demonstrated, but may be possible.
Mitigation:
The vulnerability has been silently fixed and distributed through McAfee's update service within the products. eEye recommends that all customers update their McAfee products as soon as possible to mitigate this vulnerability.
Originally, the only form of mitigation for this vulnerability is to deny service to the McAfee Network Agent, typically assigned to port tcp/6646.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
Links:
CVE-2006-5417
First Public PoC Code Disclosure (Denial of Service)
Status:
12/1/2006: eEye Research Update
This vulnerability has been shown to be silently fixed in the latest version available through updating. There is no vendor information regarding the vulnerability. To verify that the vulnerability has been remediated, you can review the version of %programfiles%\common files\mcafee\mna\McNASvc.exe. eEye has not verified all versions, but can verify that version 1.1.110.0 released on November 7th, 2006 is not vulnerable.
