Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0118 A number of vulnerabilities have been identified in McAfee Firewall Enterprise prior to version 8.3.1P04. 29 October 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Firewall Enterprise Operating System: Network Appliance Impact/Access: Root Compromise -- Existing Account Modify Arbitrary Files -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2013-5710 CVE-2013-5691 CVE-2013-5209 CVE-2013-3077 Member content until: Thursday, November 28 2013 Reference: ESB-2013.1415 ESB-2013.1259 ESB-2013.1258 ESB-2013.1163 ESB-2013.1144.2 ESB-2013.1143.2 OVERVIEW A number of vulnerabilities have been identified in McAfee Firewall Enterprise prior to version 8.3.1P04. [1] IMPACT The vendor has provided the following details regarding these issues: "New for P04: Kernel: [...] Import fixes for CVE-2013-5691 and CVE-2013-5710. [...] Import fixes for CVE-2013-3077 and CVE-2013-5209." [1] MITIGATION The vendor recommends applying the latest patch to correct these issues. [1] REFERENCES [1] Firewall Enterprise 8.3.1P04 Release Bulletin https://kc.mcafee.com/corporate/index?page=content&id=KB79597 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUm8KzBLndAQH1ShLAQIu7g//cPX0Z3r9brFttAIKsLGNQIluOe4G90gj 6zBh2aY0mz8ubTQt+vHlq4X8D+MrCzva+idxmwP3IjO+kLkpT48OphkM7/C7zIlg YjbhBeedPmFkCMohdA5vCNz2dV2pa9TrhlUoaJyMe2TQBXYxIU9PwgYBc9AqSYrM KIzjAIgVsCEn59TstwSc3Jv/xWP9jsvpQ0MLXNGbSouWb5oLHR99fd9se/Mo/qVr 830sSnW90IxBxrpXk+IFbbdad0/qo9dYjBUzHptBNAFFQGLiA2Zl9k56Dy0RZzEw cgLFHT0UWhYwQhyjfZ1SDEHOtSxOGekl8hNFcJRoTYxesmeMWjhpIyRij7rSmNBr 0/wkbvwMj9r9I03+prRST3ISchqJHpnV8/wGKxTxW4WVfE31UL+IwldbgrxaNKGr nEkQDTMlq0eEDhlHNEIcVHEdSAKU2yjmJSV51qjuGC+OdsuY+A1UNJBEZc/TErBD gJTVIBCp9gcntcPyhnDLf2miAzSnGpO0bAWsZbqnEZYhlxc6PJ/rbDN9/zFw7z3D +LOA1Kis2x1RtsFSkyC57U1SAiKwHKTlsyde5KZgao1zSUURYSw71BjfTa2azCUm 6wCOaugkNd0pL8p8MtLXEqCVaG6xtAFbDW0UEcntXM41pk5pt0O53l9zt852s1bW CTLzt9mTHXI= =ZlXy -----END PGP SIGNATURE-----