===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0010
            DLPe update fixes several vulnerabilities: XSS, SQL
        Injection, Improper Access Control and privilege escalation
                              22 January 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Data Loss Prevention Endpoint (DLPe)
                      McAfee DLPe ePolicy Orchestrator extension
Operating System:     Windows
Impact/Access:        Access Privileged Data          -- Remote/Unauthenticated      
                      Execute Arbitrary Code/Commands -- Existing Account            
                      Increased Privileges            -- Existing Account            
                      Cross-site Scripting            -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Saturday, February 21 2015

OVERVIEW

        McAfee has released an update for its Data Loss Prevention Endpoint
        (DLPe) product which addresses three vulnerabilities. [1]
        
        Additionally, the vendor advises the same update addresses a 
        privilege escalation vulnerability in Windows XP systems running 
        DLPe. [1,2]


IMPACT

        McAfee has provided the following details regarding the three
        vulnerabilities affecting the DLPe ePO extension:
        
        CWE-79 Cross-Site Scripting (XSS): "A malicious user is capable of 
        injecting arbitrary browser script content into a user's browsing 
        session through Cross Site Scripting. Injected content may contain 
        malicious JavaScript designed to exploit or harm a user's browser".
        [1]
        
        CWE-89 SQL Injection: "A SQL Injection vulnerability can be 
        exploited by all authenticated ePO users to manipulate the ePO 
        database". [1]
        
        CWE-287 Improper Access Control: "A specially crafted URL may be 
        used to retrieve sensitive password information from the ePO 
        database". [1]
        
        McAfee has provided the following information regarding the 
        vulnerability affecting DLPe in Windows XP systems:
        
        Privilege escalation: "An attacker running McAfee DLP Endpoint (DLPe) 
        may gain elevated privileges on Windows XP operating systems (only) by 
        sending specifically crafted commands to a Windows kernel driver". 
        [2]


MITIGATION

        McAfee advises users to apply the updates to all affected systems: 
        the DLPe ePO extension update addresses the XSS, SQL injection and 
        improper access control issues on the ePO server [1], and the DLPe 
        client update addresses the kernel driver privilege escalation on 
        Windows XP endpoints [2]. Note that the SQL injection issue is 
        exploitable by any authenticated ePO user, so the ePO extension 
        update should be prioritised on servers with a large or shared 
        administrator population. Windows XP reached end of extended support 
        from Microsoft on 8 April 2014, so endpoints still running it should 
        be treated as exposed regardless of the DLPe patch level.
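        The bulletin does not list the patched build numbers, so the
        following PowerShell triage check (added here; it is not code from
        AusCERT or McAfee) only identifies hosts that match the Windows XP
        condition of the privilege escalation issue [2] and have a DLP
        Endpoint entry in the installed-software registry keys. The
        DisplayName pattern "*Data Loss Prevention*" is an assumption and
        should be adjusted to whatever name your DLPe build registers;
        the actual fixed version must be taken from SB10097 and SB10098.

```powershell
# Added example, not part of the AusCERT or McAfee bulletins.
# Flags a host that (a) runs Windows XP (NT 5.1) and (b) has a McAfee DLP
# Endpoint entry under the Uninstall registry keys. Written for PowerShell
# 2.0 so it also runs on the XP hosts it is meant to find.
# ASSUMPTION: the DisplayName pattern below matches your DLPe package.
$DlpeNamePattern = '*Data Loss Prevention*'

function Test-DlpeXpExposure {
    $os   = Get-WmiObject -Class Win32_OperatingSystem
    $isXp = $os.Version -like '5.1.*'

    # 32-bit and WOW64 views; the Wow6432Node key is absent on 32-bit XP,
    # hence SilentlyContinue.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $dlpe = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $DlpeNamePattern } |
        Select-Object DisplayName, DisplayVersion

    $versions = @($dlpe | ForEach-Object { $_.DisplayVersion }) -join ';'

    # New-Object/-Property keeps this runnable on PowerShell 2.0.
    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        OSVersion     = $os.Version
        IsWindowsXP   = $isXp
        DlpeInstalled = [bool]$dlpe
        DlpeVersion   = $versions
        # True only when both conditions from the bulletin hold.
        NeedsXpPatch  = ($isXp -and [bool]$dlpe)
    }
}

Test-DlpeXpExposure | Format-List
```

        Run it under an administrative account on each candidate host (or
        via your existing remote execution tooling) and compare the
        reported DlpeVersion against the fixed build given in the McAfee
        bulletins; a NeedsXpPatch of True with a pre-fix version is the
        population to update first.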


REFERENCES

        [1] McAfee Security Bulletin - DLPe ePO extension update fixes several
            vulnerabilities: XSS, SQL Injection, and Improper Access Control
            https://kc.mcafee.com/corporate/index?page=content&id=SB10098

        [2] McAfee Security Bulletin - DLPe update fixes a privilege escalation
            vulnerability on Windows XP
            https://kc.mcafee.com/corporate/index?page=content&id=SB10097

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================