===========================================================================
AUSCERT Security Bulletin

ASB-2012.0127
A number of vulnerabilities have been identified in Quagga as used by
McAfee Firewall Enterprise
13 September 2012
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              McAfee Firewall Enterprise 7.x
                      McAfee Firewall Enterprise 8.x
Operating System:     Network Appliance
Impact/Access:        Denial of Service -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2012-1820 CVE-2012-0255 CVE-2012-0250
                      CVE-2012-0249
Member content until: Saturday, October 13 2012
Reference:            ESB-2012.0870
                      ESB-2012.0597
                      ESB-2012.0412

OVERVIEW

A number of vulnerabilities have been identified in Quagga as used by
McAfee Firewall Enterprise 8.x and 7.x.

IMPACT

The vendor has provided the following details regarding these issues:

"McAfee Firewall Enterprise is affected by the vulnerabilities Quagga
CVE-2012-0255, CVE-2012-0250, CVE-2012-0249, and CVE-2012-1820. However,
fixes are contained in the latest Firewall Enterprise releases." [1]

If exploited by unauthenticated remote attackers, these vulnerabilities
could potentially cause a denial of service in McAfee Firewall Enterprise.

MITIGATION

The vendor has stated that these issues are corrected in versions
7.0.1.05.H05, 8.2.1P04 and in the upcoming release 8.3.0 of McAfee
Firewall Enterprise. It is recommended that users upgrade to the relevant
latest version to correct these vulnerabilities. [1]

REFERENCES

[1] Firewall Enterprise: Response to vulnerability Quagga CVE-2012-0255,
    CVE-2012-0250, CVE-2012-0249, and CVE-2012-1820
    https://kc.mcafee.com/corporate/index?page=content&id=KB76173

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================