Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0115 A privilege escalation vulnerability has been identified in McAfee Email Gateway 18 October 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Email Gateway Operating System: Network Appliance Impact/Access: Increased Privileges -- Existing Account Resolution: Patch/Upgrade Member content until: Sunday, November 17 2013 OVERVIEW A vulnerability has been identified in McAfee Email Gateway Appliance prior to 7.6 IMPACT The vendor has provided the following details regarding this issue: "By providing specific data to the graphical user interface, the software can be made to execute data passed directly to it as code. This can allow an attacker to execute arbitrary shell commands which could lead to root level super-user access. This vulnerability requires a valid session ID to perform this attack." [1] MITIGATION The vendor recommends updating to the latest version of McAfee Email Gateway to correct this vulnerability. [1] REFERENCES [1] McAfee Security Bulletin – Email Gateway privilege escalation issue patched https://kc.mcafee.com/corporate/index?page=content&id=SB10057 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUmCuNhLndAQH1ShLAQJhVw//YuyB8y2AhK1V3LYpVx6Os+oCvsBUEKuW 1xfnOUMW+HqrehJEA0b+KiABXoapyJ12hd8D7bW4XeMtX0eB+0IB8YPdX20atJoN 0wG2oD9NGawPHyzOteF4Aup3fk9Bf5cYcb9KcHcucDdw6Ah5gtembeC9cxkDiuhk OBb6V5kb9g4YfFDYVzRimEtkjGJ993ZlgFSnBSysGVYGzOlRbp841Gwb4DgPT2T1 e5LEDri15ynZWF4fByDrjd+De6Z1vxCltdlxajrrFxgCVK+Kz/wa5EdtEfpoooBe UZiEYAKN6BqQgaapkpmCPrH2nP3Gpda90PlvYBIneejmUzm+c+W6tcrgWjq0bchQ hgbI6q/tdnu74mZvw9S1j11yKIyRAfgSHPxnX2VhcNiqHKxE3UWykYw8RGNuh5Zv aVZcm/GHKPmIs1cv9AY16HmmdvvWbIO2YDfDEGBzwbQ2dN020VQg5pK5jXLENFtZ gAbYJnT1KfVlkWya3LQbXxIApkCx9/DHxLh8l01/O6Nq7j+aqcUBG3mKWFx0s4VO WaMc8zEElILjm6N51zYE/1eEcfphHiLmfQbzX0TR2562De0V1eoHK57iQZq3p0q5 5vlpvuvKwS07eUjoAFH/fspIxv431qrVAFJrxiLxztb1Nn88MmaRoSd1qkCfWxHy Hs8TQly5skw= =jrmM -----END PGP SIGNATURE-----