Release Notes for McAfee® ePolicy Orchestrator(TM) Version 3.0.1 Patch 3 Copyright (C) 2004 Networks Associates Technology, Inc. All Rights Reserved ========================================================== This release was developed and tested with: ePolicy Orchestrator:3.0.1 Make sure you have installed this version before using this release. ========================================================== Thank you for using ePolicy Orchestrator(TM) software. This file contains important information regarding this release. We strongly recommend that you read the entire document. The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. Network Associates, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use. Patch files should be applied only on the advice of McAfee Security Technical Support, and only when you are actually experiencing the issue being addressed by the Patch. Patch files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of Patch files. Patch files are not a substitute or replacement for product Service Packs which may be released by Network Associates, Inc. It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from Network Associates, Inc. Further, posting of McAfee Security Patch files to publicly available Internet sites is prohibited. Network Associates, Inc. reserves the right to refuse distribution of Patch files to any company or person guilty of unlawful distribution of McAfee software products. Questions or issues with McAfee Patch files should be directed to McAfee Security Technical Support. __________________________________________________________ WHAT'S IN THIS FILE - About This Release - Purpose - Files Included with This Release - Installation - Installation Requirements - Installation Steps - Replicating the Agent Package to Distributed Repositories - Deploying the Agent to Client Computers - Monitoring Agent Deployment - Removing This Release - Contacting McAfee Security and Network Associates - Copyright, Trademark Attributions & Patents - Trademarks - License Agreement and Attributions - Patents __________________________________________________________ ABOUT THIS RELEASE PURPOSE This release addresses the following vulnerabilities: - This release addresses the McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability; vulnerability identifier: CVE-2004-0095. FILES INCLUDED WITH THIS RELEASE This release consists of a package called EPO3013.ZIP, which contains the following files: CLEANUP.EXE = Agent uninstallation program CMDAGENT.EXE = Command Agent program FRAMEWORKPACKAGE.EXE = Agent packaging tool FRAMEWORKSERVICE.EXE = Agent service program FRMINST.EXE = Agent framework installation program MCSCRIPT.EXE = McAfee script engine NAPRDMGR.EXE = Product Manager program UPDATERUI.EXE = Agent user interface program WSTUB32.EXE = Win32 stub for agent package AGENT.DLL AGENTPLUGIN.DLL AGENTRES.DLL CABINET.DLL CLIENTUI.DLL CMAUIRES.DLL COMPONENTSUBSYSTEM.DLL COMPONENTUSERINTERFACE.DLL FRMPLUGIN.DLL GENEVTINF.DLL INTERNETMANAGER.DLL LISTENSERVER.DLL LOGGING.DLL MANAGEMENT.DLL MCURIAL.DLL NACMNLIB.DLL NAGSHR32.DLL NAILOG.DLL NAINET.DLL NAISIGN.DLL NAIZLB32.DLL NAPOLICYMANAGER.DLL NASPIPE.DLL NAXML.DLL PATCHW32.DLL PCRPLUG.DLL POEVTINF.DLL PSAPI.DLL SCHEDULER.DLL SCRIPTSUBSYS.DLL SCRPTRES.DLL SECUREFRAMEWORKFACTORY.DLL UNICOWS.DLL UPDATESUBSYS.DLL UPDPLUG.DLL UPDRES.DLL USERSPACE.DLL XMLWRAP.DLL = Application extension files SRPUBKEY.BIN = Server public key AGENT.INI = Agent configuration file LOGO.JPG = McAfee Security company logo AGT300DET.MCS INSTALLMAIN.MCS UPDATEMAIN.MCS = Agent detection scripts INSTALL.PKG = Package information used by server PATCH3.TXT = This text file PKGCATALOG.Z = Agent package catalog file FRAMEWORKMANIFEST.XML = Package installation information file list used by agent installer SERVER.XML = Default agent policy settings SITELIST.XML = Repository list __________________________________________________________ INSTALLATION INSTALLATION REQUIREMENTS To use this release, you must have ePolicy Orchestrator 3.0.1 software installed on the ePolicy Orchestrator server that you intend to update with this release. NOTE: This release does not work with earlier versions of the ePolicy Orchestrator software. INSTALLATION STEPS NOTE: You cannot check in packages while pull or replication tasks are executing. 1. Create a temporary folder on the hard drive of the ePolicy Orchestrator server. 2. Extract the EPO3013.ZIP file to the temporary folder that you created in Step 1. 3. Log on to the desired ePolicy Orchestrator server using a global administrator user account. 4. In the console tree under "ePolicy Orchestrator" | , select "Repository." 5. In the details pane under "AutoUpdate Tasks," click "Check in package." The "Check in package" wizard appears. 6. Click "Next" to open the package type dialog box. 7. Select "Products or updates," then click "Next." The catalog file dialog box appears. 8. Select the package catalog (PKGCATALOG.Z) file from the temporary folder you created in Step 1. You can type the path to this file, or click "Browse" to select it, then click "Next." The summary dialog box appears. 9. Click "Finish" to check in the package. 10. Click "Close" after the package has been checked in. 11. Stop the "McAfee ePolicy Orchestrator 3.0.1 Server" service. This procedure varies depending on the operating system. For instructions, see the operating system product documentation. 12. Delete the FRAMEPKG.EXE and FRAMEWORK.Z files from this location in the installation directory: \DB\SOFTWARE\CURRENT\EPOAGENT3000\INSTALL\0409 The default location of the installation directory is: C:\PROGRAM FILES\NETWORK ASSOCIATES\EPO\3 If you upgraded the software from version 2.0, 2.5, or 2.5.1, the default location is: C:\PROGRAM FILES\MCAFEE\EPO\3.0.1 13. Start the "McAfee ePolicy Orchestrator 3.0.1 Server" service. This procedure varies depending on the operating system. For instructions, see the operating system product documentation. REPLICATING THE AGENT PACKAGE TO DISTRIBUTED REPOSITORIES NOTE: Since local distributed repositories can only be accessed from client computers, replication tasks do not copy packages from the master repository to local distributed repositories; you must manually update local distributed repositories with the desired packages. 1. Log on to the desired ePolicy Orchestrator server using a global administrator user account. 2. In the console tree under "ePolicy Orchestrator" | , select "Repository." 3. In the details pane under "AutoUpdate Tasks," click "Replicate now." The "Replicate Now" wizard appears. 4. Click "Next" to open the distributed repositories dialog box. 5. Click "Select All" to select all global and SuperAgent distributed repositories, then click "Next." The replication type dialog box appears. 6. Select "Incremental replication," then click "Finish" to run the task. 7. Click "Close" after the task has completed. DEPLOYING THE AGENT TO CLIENT COMPUTERS Although there are numerous methods you can use to install the agent on computers you want to manage via ePolicy Orchestrator, we recommend using the "Deployment" client task. See below for details on how to do this. For a list of other methods and instructions for each, see "Agent deployment" in the ePolicy Orchestrator 3.0 Product Guide. 1. Log on to the desired ePolicy Orchestrator server. 2. In the console tree under "ePolicy Orchestrator" | , right-click "Directory," , , or . The "Policies," "Properties," and "Tasks" tabs appear in the details pane. 3. Click the "Tasks" tab. 4. Right-click the "Deployment" task, then select "Edit Task." The "ePolicy Orchestrator Scheduler" dialog box appears. 5. On the "Task" tab, click "Settings." The "Task Settings" dialog box appears. 6. Deselect "Inherit." 7. Next to "Agent 3.1.1," select "Install" in "Action." 8. Next to those products that you do not want to deploy, select "Ignore" in "Action." 9. To specify command-line options used when installing the agent, click the "..." button next to "Agent 3.1.0." For instructions, see "Agent installation command-line options" in the ePolicy Orchestrator 3.0 Product Guide. 10. If you want this task to also be enforced during the policy enforcement interval, select "Run this task at every policy enforcement interval." 11. Schedule the task. For instructions, see "Scheduling client tasks" in the ePolicy Orchestrator 3.0 Product Guide. 12. Click "OK" to save the current entries. MONITORING AGENT DEPLOYMENT You can use the Agent Versions or the Compliance Issues reports to monitor the deployment of the agent. For instructions and information, see "Running reports," and "Agent Versions report template" or "Compliance Issues report template" in the ePolicy Orchestrator 3.0 Product Guide, respectively. The new agent version number is 3.1.1.192. REMOVING THIS RELEASE To remove this Patch from your computer, uninstall, then reinstall ePolicy Orchestrator. NOTE: We recommend that you do NOT remove the Patch files once you install them. If you reinstall the ePolicy Orchestrator software, we recommend that you also reinstall the Patch. __________________________________________________________ PARTICIPATING IN THE MCAFEE SECURITY BETA PROGRAM To download new beta software or to read about the latest beta information, visit the beta web site: http://www.networkassociates.com/us/downloads/beta/ To submit your feedback on any McAfee Security beta product, send e-mail to: avbeta@nai.com McAfee Security is devoted to providing solutions based on your input. __________________________________________________________ CONTACTING MCAFEE SECURITY & NETWORK ASSOCIATES Technical Support Home Page http://www.networkassociates.com/us/support/ KnowledgeBase Search https://knowledgemap.nai.com/phpclient/homepage.aspx PrimeSupport Service Portal http://mysupport.nai.com Login credentials required. McAfee Security Beta Program Beta Web Site http://www.networkassociates.com/us/downloads/beta/ E-mail avbeta@nai.com Security Headquarters -- AVERT (Anti-Virus Emergency Response Team) Home Page http://www.networkassociates.com/us/security/home.asp Virus Information Library http://vil.nai.com Submit a Virus Sample – AVERT WebImmune https://www.webimmune.net/default.asp AVERT DAT Notification Service http://vil.nai.com/vil/join-DAT-list.asp Download Site Home Page http://www.networkassociates.com/us/downloads/ DAT File and Engine Updates http://www.networkassociates.com/us/downloads/updates/ ftp://ftp.nai.com/pub/antivirus/datfiles/4.x Product Upgrades https://secure.nai.com/us/forms/downloads/upgrades/login.asp Valid grant number required. Contact Network Associates Customer Service Training McAfee Security University http://www.networkassociates.com/us/services/education/mcafee/university.htm Network Associates Customer Service US, Canada, and Latin America toll-free: Phone: +1-888-VIRUS NO or +1-888-847-8766 Monday - Friday, 8 a.m. - 8 p.m., Central Time E-mail: services_corporate_division@nai.com Web: http://www.nai.com/us/index.asp http://www.networkassociates.com/us/index.asp For additional information on contacting Network Associates and McAfee Security – including toll-free numbers for other geographic areas - see the CONTACT file that accompanied your original product release. __________________________________________________________ COPYRIGHT, TRADEMARK ATTRIBUTIONS & PATENTS Copyright (C) 2004 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 5000 Headquarters Drive, Plano, Texas 75024, or call +1-972- 963-8000. TRADEMARKS Active Firewall, Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, Appera, AVERT, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, ClickNet, CNX, CNX Certification Certified Network Expert and design, Covert, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, E and Design, Entercept, Enterprise SecureCast, Enterprise SecureCast (in Katakana), ePolicy Orchestrator, Event Orchestrator (in Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HelpDesk, HelpDesk IQ, HomeGuard, Hunter, Impermia, InfiniStream, Intrusion Prevention Through Innovation, IntruShield, IntruVert Networks, LANGuru, LANGuru (in Katakana), M and design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee and design, McAfee.com, MultiMedia Cloaking, NA Network Associates, Net Tools, Net Tools (in Katakana), NetAsyst, NetCrypto, NetOctopus, NetScan, NetShield, NetStalker, Network Associates, Network Performance Orchestrator, NetXray, NotesGuard, nPO, Nuts & Bolts, Oil Change, PC Medic, PCNotary, PortalShield, Powered by SpamAssassin, PrimeSupport, Recoverkey, Recoverkey – International, Registry Wizard, Remote Desktop, ReportMagic, RingFence, Router PM, Safe & Sound, SalesMagic, SecureCast, SecureSelect, SecurityShield, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), SpamKiller, SpamAssassin, Stalker, SupportMagic, ThreatScan, TIS, TMEG, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakana), Total Service Desk, Total Virus Defense, Trusted Mail, UnInstaller, VIDS, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, What's The State Of Your IDS?, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are registered trademarks or trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. Sniffer(R) brand products are made only by Network Associates, Inc. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF PURCHASE FOR A FULL REFUND. Attributions This product includes or may include: - Software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). - Cryptographic software written by Eric Young and software written by Tim J. Hudson. - Some software programs that are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, that the source code also be made available to those users. For any such software covered under the GPL, the source code is made available on this CD. If any Free Software licenses require that Network Associates provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein. - Software originally written by Henry Spencer, Copyright 1992, 1993, 1994, 1997 Henry Spencer. - Software originally written by Robert Nordier, Copyright (C) 1996-7 Robert Nordier. All rights reserved. - Software written by Douglas W. Sauder. - Software developed by the Apache Software Foundation (http://www.apache.org/). - International Components for Unicode ("ICU") Copyright (C) 1995-2002 International Business Machines Corporation and others. All rights reserved. - Software developed by CrystalClear Software, Inc., Copyright (C) 2000 CrystalClear Software, Inc. - FEAD(R) Optimizer(R) technology, Copyright Netopsystems AG, Berlin, Germany. - Outside In(R) Viewer Technology (C) 1992-2001 Stellent Chicago, Inc. and/or Outside In(R) HTML Export, (C) 2001 Stellent Chicago, Inc. - Software copyrighted by Thai Open Source Software Center Ltd. and Clark Cooper, (C) 1998, 1999, 2000. - Software copyrighted by Expat maintainers. - Software copyrighted by The Regents of the University of California, (C) 1989. - Software copyrighted by Gunnar Ritter. - Software copyrighted by Sun Microsystems(C), Inc. - Software copyrighted by Gisle Aas. All rights reserved, (C) 1995-2003. - Software copyrighted by Michael A. Chase, (C) 1999-2000. - Software copyrighted by Neil Winton, (C) 1995-1996. - Software copyrighted by RSA Data Security, Inc., (C) 1990-1992. - Software copyrighted by Sean M. Burke, (C) 1999, 2000. - Software copyrighted by Martijn Koster, (C) 1995. - Software copyrighted by Brad Appleton, (C) 1996-1999. - Software copyrighted by Michael G. Schwern, (C) 2001. - Software copyrighted by Graham Barr, (C) 1998. - Software copyrighted by Larry Wall and Clark Cooper, (C) 1998-2000. - Software copyrighted by Frodo Looijaard, (C) 1997. V2.3.1