Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0112 A vulnerability has been identified in McAfee Agent 7 October 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Managed Agent Operating System: Windows Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-3627 Member content until: Wednesday, November 6 2013 OVERVIEW A vulnerability has been identified in McAfee Agent 4.5, 4.6 and earlier. IMPACT The vendor has provided the following details regarding this vulnerability: "This MA 4.5 and 4.6 hotfix resolves a Denial of Service (DoS) attack reported by CERT/CC against the McAfee Agent FrameworkService.exe service. This vulnerability is encountered if a malformed HTTP request is sent from an authorized system to the Agent's TCP port (default 8081). Unless the Accept connections only from the ePO server option has been disabled, this attack can only be exploited from the ePO server itself. This hotfix remediates the following issues: CERT/CC Vulnerability Note VU# 613886 A Denial of Service vulnerability against the McAfee Agent FrameworkService.exe has been reported. For more information, see: http://www.kb.cert.org/vuls/id/613886" [1] MITIGATION McAfee recommends upgrading to MA 4.8 patch 1 (or later). [1] REFERENCES [1] McAfee Security Bulletin - McAfee Managed Agent update fixes the "Denial of Service" vulnerability against the FrameworkService.exe https://kc.mcafee.com/corporate/index?page=content&id=SB10055 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUlIDTxLndAQH1ShLAQLv4BAAoAac/RlqLc3tP/0w9o7kMAKnWERt82lU Q9AykhPxwb+3x1C6nG7W8hH6WFcUwOPDUzDmt1wJL0YJnqR5KRatT/+XH9SYUxzS fn2NudELM9Guir2cUBBcMnPzj0Gau6jsuqEKNlzRviNDU09ij9FXN20nEsS3bksu pzy2SG/toXCuUZPoobdnXh09ouEoF1isdobifYK3xrmcB11E/vN2nuXVyslh5Zig y37ydB7A6N8nO7qbj5EnO3MnLgVE4b8bLEaQ83lQvCeOcBr3Tj2Wq2nsK88m3/GM 3klCs/ubQaZnihZ6rAL8xLjCfEyowTqDuXWtveGGPfY7M43LJ66AYEin9ZtYky3q 5hI2PYlLoFs+JblLcyeB/0TBtpI/+3GxA09lHiM1M1eIRUagLJ3Hp91ZxoPx8Oph onix1O//eo7Uol73Mfw4An0UrWSqeWqDGw4KvKFLfwBuBeU2IUR9cEvOWCU+Wxo7 MegHnYRS6W9ZeDL+Ffkkmei+kr2NJJFtnUOPTBgOJ03j9yBxmp5o/3bhosxcw2T6 BwU5tmfg6cwZq0XS1JLzu1Fgg8kk1FUt9gyK72tZI/iTTzr0GwHEana7MR95SlVO 1HxpcdDmZw1sJ3nFeZG5l4qQT7pdGLgCZNkGEprJJsHN8Yz7t+7o6a9RTH3ZnAnE Fa0y3mcz/8Y= =amB9 -----END PGP SIGNATURE-----