I have to scan Nessus reports that both reported that: The remote host is running ePolicy Orchestrator / ProtectionPilot, a system security management solution from McAfee.
According to its banner, the Common Management Agent (CMA) associated with ePolicy Orchestrator / ProtectionPilot on the remote host can be used by local users to view files residing on the same partition as the affected application with LocalSystem level privileges by creating symbolic links in the agent's web root directory. This may enable them to read files to which they would not otherwise have access. See Also : http://reedarvin.thearvins.com/20050811-01.html http://www.nessus.org/u?4bed00fb Solution: Apply CMA 3.5 Patch 4 as described in the vendor's advisory. Risk Factor : Low / CVSS Base Score : 2 (AV:L/AC:L/Au:NR/C:C/A:N/I:N/B:N) CVE : CVE-2005-2554, CVE-2005-2554 BID : 14549, 14549 Plugin ID : 19552 Problem One workstation has EPO Agent Version 3.5.5.580 the other has EPO Agent Version 3.5.5.438 # There's a problem if ... if ( # it looks like EPO and... '<?xml-stylesheet type="text/xsl" href="FrameworkLog.xsl"?>' >< res && egrep(string:res, pattern:"^ +<Log component=.+</Log") && # the version is below 3.5.0.508 (ie, 3.5.0 patch 4) egrep(string:res, pattern:"^ +<version>3\.([0-4]\..*|5\.0\.([0-4].*|50[0-7]))<") ) { security_note(port); } If I'm reading the above code correct, this plug in should not have reported that the versions were below 3.5.0.508 Thank you in advance --John _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
