===========================================================================
AUSCERT Security Bulletin

ASB-2015.0010
DLPe update fixes several vulnerabilities: XSS, SQL Injection,
Improper Access Control and privilege escalation
22 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Data Loss Prevention Endpoint (DLPe)
                      McAfee DLPe ePolicy Orchestrator extension
Operating System:     Windows
Impact/Access:        Access Privileged Data          -- Remote/Unauthenticated
                      Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Cross-site Scripting            -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Saturday, February 21 2015

OVERVIEW

        McAfee has released an update for its Data Loss Prevention Endpoint
        (DLPe) product which addresses three vulnerabilities. [1]

        Additionally, the vendor advises the same update addresses a
        privilege escalation vulnerability in Windows XP systems running
        DLPe. [1,2]

IMPACT

        McAfee has provided the following details regarding the
        vulnerabilities affecting DLPe ePO extension:

        CWE-79 Cross-Site Scripting (XSS): "A malicious user is capable of
        injecting arbitrary browser script content into a user's browsing
        session through Cross Site Scripting. Injected content may contain
        malicious JavaScript designed to exploit or harm a user's
        browser". [1]

        CWE-89 SQL Injection: "A SQL Injection vulnerability can be
        exploited by all authenticated ePO users to manipulate the ePO
        database". [1]

        CWE-287 Improper Access Control: "A specially crafted URL may be
        used to retrieve sensitive password information from the ePO
        database". [1]

        McAfee has provided the following information regarding the
        vulnerability affecting DLPe in Windows XP systems:

        CWE-79: "An attacker running McAfee DLP Endpoint (DLPe) may gain
        elevated privileges on Windows XP operating systems (only) by
        sending specifically crafted commands to a Windows kernel
        driver". [2]

MITIGATION

        McAfee advises users to apply the update to all affected
        systems. [1,2]

REFERENCES

        [1] McAfee Security Bulletin - DLPe ePO extension update fixes
            several vulnerabilities: XSS, SQL Injection, and Improper
            Access Control
            https://kc.mcafee.com/corporate/index?page=content&id=SB10098

        [2] McAfee Security Bulletin - DLPe update fixes a privilege
            escalation vulnerability on Windows XP
            https://kc.mcafee.com/corporate/index?page=content&id=SB10097

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================