Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0118
A number of vulnerabilities have been identified in McAfee
Firewall Enterprise prior to version 8.3.1P04.
29 October 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Firewall Enterprise
Operating System: Network Appliance
Impact/Access: Root Compromise -- Existing Account
Modify Arbitrary Files -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2013-5710 CVE-2013-5691 CVE-2013-5209
CVE-2013-3077
Member content until: Thursday, November 28 2013
Reference: ESB-2013.1415
ESB-2013.1259
ESB-2013.1258
ESB-2013.1163
ESB-2013.1144.2
ESB-2013.1143.2
OVERVIEW
A number of vulnerabilities have been identified in McAfee Firewall
Enterprise prior to version 8.3.1P04. [1]
IMPACT
The vendor has provided the following details regarding these issues:
"New for P04:
Kernel:
[...]
Import fixes for CVE-2013-5691 and CVE-2013-5710.
[...]
Import fixes for CVE-2013-3077 and CVE-2013-5209." [1]
MITIGATION
The vendor recommends applying the latest patch to correct these
issues. [1]
REFERENCES
[1] Firewall Enterprise 8.3.1P04 Release Bulletin
https://kc.mcafee.com/corporate/index?page=content&id=KB79597
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUm8KzBLndAQH1ShLAQIu7g//cPX0Z3r9brFttAIKsLGNQIluOe4G90gj
6zBh2aY0mz8ubTQt+vHlq4X8D+MrCzva+idxmwP3IjO+kLkpT48OphkM7/C7zIlg
YjbhBeedPmFkCMohdA5vCNz2dV2pa9TrhlUoaJyMe2TQBXYxIU9PwgYBc9AqSYrM
KIzjAIgVsCEn59TstwSc3Jv/xWP9jsvpQ0MLXNGbSouWb5oLHR99fd9se/Mo/qVr
830sSnW90IxBxrpXk+IFbbdad0/qo9dYjBUzHptBNAFFQGLiA2Zl9k56Dy0RZzEw
cgLFHT0UWhYwQhyjfZ1SDEHOtSxOGekl8hNFcJRoTYxesmeMWjhpIyRij7rSmNBr
0/wkbvwMj9r9I03+prRST3ISchqJHpnV8/wGKxTxW4WVfE31UL+IwldbgrxaNKGr
nEkQDTMlq0eEDhlHNEIcVHEdSAKU2yjmJSV51qjuGC+OdsuY+A1UNJBEZc/TErBD
gJTVIBCp9gcntcPyhnDLf2miAzSnGpO0bAWsZbqnEZYhlxc6PJ/rbDN9/zFw7z3D
+LOA1Kis2x1RtsFSkyC57U1SAiKwHKTlsyde5KZgao1zSUURYSw71BjfTa2azCUm
6wCOaugkNd0pL8p8MtLXEqCVaG6xtAFbDW0UEcntXM41pk5pt0O53l9zt852s1bW
CTLzt9mTHXI=
=ZlXy
-----END PGP SIGNATURE-----