Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0100 A vulnerability has been identified in multiple McAfee products. 13 August 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Email and Web Security Appliances (EWS) 5.6 McAfee Email Gateway (MEG) 7.0. 7.5 McAfee Web Gateway (MWG) 7.3.2 McAfee Firewall Enterprise (MFE) 8.2.1, 8.3.1 Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-4854 Member content until: Thursday, September 12 2013 Reference: ASB-2013.0093 ESB-2013.1037 ESB-2013.1032 ESB-2013.1021 ESB-2013.1020 ESB-2013.1019 OVERVIEW A vulnerability in has been identified in the following McAfee products: Email and Web Security Appliances (EWS) 5.6 McAfee Email Gateway (MEG) 7.0. 7.5 McAfee Web Gateway (MWG) 7.3.2 McAfee Firewall Enterprise (MFE) 8.2.1, 8.3.1 [1] IMPACT The vendor has provided the following details regarding this issue: "CVE-2013-4854 describes a vulnerability in ISC BIND. A specially crafted query that includes malformed RDATA can cause named1 to terminate with an assertion failure while rejecting the malformed query. The listed McAfee products use the BIND server (named) as a local caching DNS server to reduce the number of remote DNS queries they have to perform, resulting in improved performance. By default, these products do not listen for remote DNS queries. Only McAfee Firewall Enterprise (MFE) includes an option to configure and respond to remote queries. If the local BIND server receives one of the malformed queries, all listed products will fail closed in a manner that does not leave the Appliance in a state that will allow traffic that the configuration normally disallows. Should the BIND server unexpectedly stop (crash), all McAfee Appliances will restart the BIND services and normal operation will continue. Due to the nature of the products, how they utilize Bind, and their fail closed architecture, there is minimal risk that the Appliances may be successfully subverted through this BIND vulnerability. If you calculate a CVSS environment score, please factor in the mitigations designed into McAfee Appliances." [1] MITIGATION The vendor recommends applying the latest patch to correct these issues. [1] REFERENCES [1] McAfee Security Bulletin - Updates for multiple McAfee Network products resolve BIND vulnerability https://kc.mcafee.com/corporate/index?page=content&id=SB10052 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUgmLuhLndAQH1ShLAQIBBxAAkiJ26YrVo0GrubGZ8h/NxLzv7wzrO6E1 uz3ibS/t9JO9YoFSvfQq7O+S/kE40D1e/0Ft9PpqdC8+Rw9CboryKhtwRxDW4qYC Cy1Eyuzsr5eVMZPMRZZIL5WrB0TERegImrHTLNApfT55xeeDgWsAJNtlRM09Jng3 JXVTQ/adjN+fA3jrGt56Y/a6IbsOobjN1OXhp2cDFXnFixwO0xqyQ+M65kxG2+Xc ras0CZIinFBhDcMiLvuHnFxBOQer0zqjF06g0DQPeU7kizVxEWzgYLNgIOSpe+UM yyP9/mbQKXcDiLVKtspHvR0wnywslpQRxUuK9B4a3rbu7raSRiAUxS65eEX1yxYv zUMjzZhWBy+7Ytk9SU1tcfkQx21PjxH6Vwcl1MZ5nWyRlSkiT6zSgHq9NZshrLXA YDoSajaowC/JYsJCfaHdTFSLLZpuwS9IzaOgoCyM4JpQP7uVKtWimesF9dzVJj/j eg17CbNxD7Z3po7QXtw25M7gKhOBnbguE6O/V5kchNcnY+qVXiWZHTtIxmToJGln RKXx0g84e4otQwsT1o157kdakjQdU+a6mfsTYvcjes73V7Y55uR+oukaYWKkOFY8 Vil2b/Xw3lM3v1YDnBKpY7nlge6zMC+NFg98l92iFZ6B/1m/7psU63NIOd0SfpSS n7Tr0Y0m2Ow= =1VKo -----END PGP SIGNATURE-----