===========================================================================
AUSCERT Security Bulletin

ASB-2014.0115
Numerous McAfee security products affected by GNU Bash vulnerabilities
7 October 2014

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              McAfee products
Operating System:     Network Appliance
                      Virtualisation
                      Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-7187 CVE-2014-7186 CVE-2014-7169
                      CVE-2014-6278 CVE-2014-6277 CVE-2014-6271
Member content until: Thursday, November 6 2014

OVERVIEW

It has been discovered that several well known Bash vulnerabilities
affect numerous McAfee products. [1]

The vendor advises the following products are vulnerable, and have been
updated:

  GTI Proxy 2.0
  McAfee Email Gateway (MEG)
  McAfee Firewall Enterprise Control Center (MFE CC)
  McAfee Security Information and Event Management (SIEM) / Nitro
  McAfee Web Gateway (MWG)
  Network Data Loss Prevention (NDLP)
  Next-Generation Firewall (NGFW) / Stonesoft [1]

The vendor advises the following products, though vulnerable, have not
yet been updated:

  Email and Web Security (EWS)
  McAfee SSL VPN (VPN) [1]

The vendor also states the following products, though vulnerable, are
considered low risk, if deployed using best practices:

  Boot Attestation Service (BAS) / Open Virtual Appliance (OVA)
  GTI Proxy / GTI Private Cloud (File Reputation)
  McAfee Advanced Threat Defense (MATD)
  McAfee Asset Manager (MAM)
  McAfee Cloud Single Sign On (MCSSO) / McAfee Cloud Identity Manager (MCIM)
  Management for Optimized Virtual Environments AntiVirus (MOVE AV)
  Management for Optimized Virtual Environments AntiVirus Security
    Virtual Appliance (MOVE SVA)
  Management for Optimized Virtual Environments AntiVirus Security
    Virtual Appliance Manager (MOVE SVA Manager)
  Management for Optimized Virtual Environments Firewall (MOVE Firewall)
  McAfee MOVE Scheduler (MOVE AV Scheduler)
  Network Access Control (NAC)
  Network Security Platform (NSP)
  SaaS Account Management (SAM)
  SaaS Email Archiving
  SaaS Email Protection and Continuity
  SaaS Web Protection [1]

IMPACT

The vendor has provided the following details regarding the
vulnerabilities:

CVE-2014-6271: "GNU Bash through 4.3 processes trailing strings after
function definitions in the values of environment variables." [1]

CVE-2014-7169: "GNU Bash through 4.3 Bash43-025 processes trailing
strings after certain malformed function definitions in the values of
environment variables." [1]

CVE-2014-7186: "The redirection implementation in parse.y in GNU Bash
through 4.3 Bash43-026 allows remote attackers to cause a denial of
service (out-of-bounds array access and application crash) or possibly
have unspecified other impact via crafted use of here documents, aka the
"redir_stack" issue." [1]

CVE-2014-7187: "Off-by-one error in the read_token_word function in
parse.y in GNU Bash through 4.3 Bash43-026 allows remote attackers to
cause a denial of service (out-of-bounds array access and application
crash) or possibly have unspecified other impact via deeply nested for
loops, aka the "word_lineno" issue." [1]

The vendor notes that some vulnerabilities exist due to incomplete
patches provided for previously identified vulnerabilities.

"Incomplete Vendor Patches:
Early patches from vendors are not always complete or accurate. More
issues in the parser have been discovered that are just as serious as
the original vulnerability.

Vendor Patch Vulnerability IDs

CVE-2014-6277: NOTE: This vulnerability exists because of an incomplete
fix for CVE-2014-6271 and CVE-2014-7169.

CVE-2014-6278: NOTE: This vulnerability exists because of an incomplete
fix for CVE-2014-6271 and CVE-2014-7169."
[1]

MITIGATION

The vendor recommends users of known vulnerable McAfee products:

"Go to the McAfee Downloads site and download the applicable product
patch/hotfix file". [1]

REFERENCES

[1] McAfee Security Bulletin - Bash Shellshock Code Injection Exploit
    Updates for CVE-2014-6271 and CVE-2014-7169
    https://kc.mcafee.com/corporate/index?page=content&id=SB10085

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the
information described is the responsibility of each user or
organisation. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user
or organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
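
The CVE-2014-6271 and CVE-2014-7169 descriptions quoted under IMPACT
concern function definitions carried in environment variable values. The
following is an added example, not part of the bulletin or of any vendor
tool: a small audit routine for appliances still awaiting a patch that
flags such values in an environment snapshot. The "() {" marker regex,
the simplified brace matcher, the function names and the sample data are
assumptions made for illustration.

```python
import re

# Assumption: a value that starts with "() {" is a candidate function definition.
# The whitespace match is deliberately loose so near-variants are flagged too.
FUNC_PREFIX = re.compile(r"^\(\)\s*\{")

def body_end(value, start):
    """Index just past the brace closing the body opened at `start`, or -1.
    Simplified matcher (not Bash's parser): skips quoted text and escapes."""
    depth, quote, i = 0, None, start
    while i < len(value):
        ch = value[i]
        if ch == "\\" and quote != "'":
            i += 2              # skip the escaped character
            continue
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return -1

def classify(value):
    m = FUNC_PREFIX.match(value)
    if not m:
        return "plain"
    end = body_end(value, m.end() - 1)
    if end == -1:
        return "unterminated-definition"   # never closes: review by hand
    trailing = value[end:].strip(" \t\n;")
    return "trailing-text" if trailing else "definition-only"

def audit(env):
    """Return {name: finding} for every value that is not plain data."""
    return {k: c for k, v in env.items() if (c := classify(v)) != "plain"}

# Constructed sample: CGI-style variables as a web front end would export them.
SAMPLE_ENV = {
    "HTTP_USER_AGENT": "Mozilla/5.0 (X11; Linux x86_64)",
    "HTTP_COOKIE": "() { :; }; trailing-text-placeholder",
    "HTTP_REFERER": "() { echo unterminated",
    "greet": "() { echo 'hi }'\n}",
}
```

Any "trailing-text" or "unterminated-definition" finding on a variable
populated from network input warrants investigation; "definition-only"
is what a legitimately exported function looked like before the fixes.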