-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                   AUSCERT Security Bulletin ASB-2015.0032
   McAfee Security Bulletin - Data Loss Prevention Endpoint ePO extension
    update fixes several vulnerabilities: XSS, Denial of Service, Improper
              Access Control, and Cross-Site Request Forgery
                               10 April 2015
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Network Data Loss Prevention
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Create Arbitrary Files          -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2008-5161 CVE-2014-4877
Member content until: Sunday, May 10 2015

OVERVIEW

        Multiple vulnerabilities have been discovered within McAfee DLP
        Endpoint version 9.3.400 and earlier. [1]

IMPACT

        The vendor has provided the following details on the
        vulnerabilities:

        "1044805 - OpenSSH Vulnerability

        Base Score                                          2.6
        Related exploit range (AccessVector)                Network Access
        Attack complexity (AccessComplexity)                Medium
        Level of authentication needed (Authentication)     None
        Confidentiality impact                              Partial
        Integrity impact                                    None
        Availability impact                                 None
        Temporal Score (Overall)                            2.1
        Availability of exploit (Exploitability)            Functional
        Type of fix available (RemediationLevel)            Official Fix
        Level of verification that vulnerability exists     Confirmed
        (ReportConfidence)

        NOTE: CVSS version 2.0 was used to generate this score.
        https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=%28AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C%29#score

        In OpenSSH 4.7p1 and possibly other versions, there is a
        vulnerability of using a block cipher algorithm in Cipher Block
        Chaining (CBC) mode. Using this vulnerability remote attackers can
        easily recover certain plaintext data from an arbitrary block of
        cipher text in an SSH session via unknown vectors.

        This vulnerability is addressed by giving preference to CTR mode of
        Cipher over CBC mode of cipher." [1]

        "1038219 - Wget Vulnerability

        Base Score                                          9.3
        Related exploit range (AccessVector)                Network Access
        Attack complexity (AccessComplexity)                Medium
        Level of authentication needed (Authentication)     None
        Confidentiality impact                              Complete
        Integrity impact                                    Complete
        Availability impact                                 None
        Temporal Score (Overall)                            7.7
        Availability of exploit (Exploitability)            Functional
        Type of fix available (RemediationLevel)            Official fix
        Level of verification that vulnerability exists     Confirmed
        (ReportConfidence)

        NOTE: CVSS version 2.0 was used to generate this score.
        https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=%28AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C%29

        Absolute path traversal vulnerability in GNU Wget before 1.16, when
        recursion is enabled, allows remote FTP servers to write to
        arbitrary files, and consequently execute arbitrary code, via a
        LIST response that references the same filename within two
        entries, one of which indicates that the filename is for a
        symlink.

        This vulnerability is addressed by setting retr-symlinks=on in
        wgetrc file." [1]

MITIGATION

        The vendor recommends applying the available hotfix to Network
        Data Loss Prevention 9.3.3. [1]

REFERENCES

        [1] McAfee Security Bulletin - Data Loss Prevention hotfix resolves
            two security issues
            https://kc.mcafee.com/corporate/index?page=content&id=SB10111

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
        Australian Computer Emergency Response Team
        The University of Queensland
        Brisbane
        Qld 4072

        Internet Email: auscert@auscert.org.au
        Facsimile:      (07) 3365 7031
        Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                        AusCERT personnel answer during Queensland business
                        hours which are GMT+10:00 (AEST).
                        On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVSdsIRLndAQH1ShLAQKaYhAAmsGz3GUq8CqLYeCUmTr7TUspstk1wt2B
rWKzYtCfT2hs3ooQvoHrcXw/zgo6YXn/FRv7+FVLzIPQMxA/xh5242sjqK5c3YAx
kGJAfYNG1QUzs3qEjCZWqxGXpx69+SOqocR9iLChN4fpGfkcGMdOV7AobYtSMXe7
QVhIbRa6AHoJL8W5iuraIp4Ld5zzAIdHya01wH12fCcS/YHqyTmCuoqST4ufbHoq
uqsd3eu9EWjtS+lRQDqaZVZ9mj9JtjWEhQFp4EKjiC0226Ar+E76A6fG5QegOTVq
rCzSODPfhUEIhz7kNiodQDjwWPnM/4YNClldHmhFGaR5zDvCLQiW+HYOxj0EG1d+
0YODTFK05JYt8pklOH9J3PI9BFdOxPgBcjjIPSdIZ3Lsle1AH97i04FR003Y0Dc7
JDFbQgy0EFFSSAbmQOaUny1MqlqVCY4MCB8ZulOhfS/7qWbTFmpyLLJTYr0N+bh+
sGP+jyZtHA/1vP0jpjgZRdHeg+eP+h6F+GA2+usKLihkWwQBrCNtiy1yHgJimM3/
dNQ5VKTsid2hIZwviH1n1OQ4OuRxVdJ1kjs2myp3WFgMzlMgNpryanT+aI1ed2wI
zg3af6S066ADBY2xIpxTQPuF0R2+JeTyWOaNP1X5vDp0DShyFmTRyRnzD2FQYhvg
rCQCWItONw0=
=d94A
-----END PGP SIGNATURE-----
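The two fixes quoted in the bulletin above are both configuration changes: prefer CTR over CBC ciphers for SSH, and set retr-symlinks=on in wgetrc so a recursive FTP fetch stores the link target as a plain file rather than creating a symlink. The script below is an added example written for this page (it is not AusCERT's or McAfee's code) that audits both settings the way an administrator would verify the hotfix landed on a host. The wgetrc and sshd_config texts are constructed samples; the parser assumes standard GNU wgetrc "key = value" syntax and OpenSSH's rule that the first occurrence of a keyword in sshd_config wins.

```python
"""Audit the two hardening settings named in the bulletin (added example).

  * GNU wgetrc:       retr-symlinks = on
  * OpenSSH sshd_config: a Ciphers list with CTR (or any non-CBC mode)
    ahead of, or entirely replacing, CBC ciphers.

All configuration text below is constructed for this example.
"""
import re

# Constructed sample: retr-symlinks left off (wget's default) versus set on.
WEAK_WGETRC = """\
# ~/.wgetrc (constructed)
timeout = 30
retr-symlinks = off
"""
HARDENED_WGETRC = """\
# ~/.wgetrc (constructed)
timeout = 30
retr-symlinks = on
"""

# Constructed sample: CBC ciphers listed first versus a CTR-only list.
WEAK_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed)
Port 22
Ciphers aes128-cbc,3des-cbc,aes128-ctr,aes256-ctr
Ciphers aes256-ctr   # ignored by sshd: the first value of a keyword wins
"""
HARDENED_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed)
Port 22
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
"""


def wgetrc_settings(text):
    """Parse 'key = value' lines of a wgetrc into a dict; later lines override."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().lower()
    return settings


def wget_retr_symlinks_on(text):
    """True only when retr-symlinks is explicitly enabled (the default is off)."""
    return wgetrc_settings(text).get("retr-symlinks") == "on"


def ssh_ciphers(text):
    """Return the Ciphers list of an sshd_config, honouring sshd's rule that
    the first occurrence of a keyword wins. An empty list means no Ciphers
    line is present and the compiled-in default applies."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"ciphers\s*=?\s*(\S+)$", line, re.IGNORECASE)
        if match:
            return [c.strip().lower() for c in match.group(1).split(",") if c.strip()]
    return []


def cbc_ciphers(ciphers):
    """OpenSSH names for CBC-mode ciphers all contain '-cbc'
    (aes128-cbc, 3des-cbc, rijndael-cbc@lysator.liu.se, ...)."""
    return [c for c in ciphers if "-cbc" in c]


def audit_ssh_ciphers(text):
    """Classify a Ciphers list relative to the bulletin's fix.

    cbc-absent       no CBC cipher offered (strongest outcome)
    cbc-last         CBC present, but every non-CBC cipher precedes it
    cbc-preferred    a CBC cipher precedes some non-CBC cipher (weak)
    cbc-only         nothing but CBC ciphers
    no-ciphers-line  default list in force; inspect it with 'sshd -T'

    Caveat (RFC 4253 section 7.1): the client's preference order, not the
    server's, picks the cipher among those both sides offer, so only
    'cbc-absent' guarantees CBC is never negotiated with this server."""
    ciphers = ssh_ciphers(text)
    cbc_idx = [i for i, c in enumerate(ciphers) if "-cbc" in c]
    other_idx = [i for i, c in enumerate(ciphers) if "-cbc" not in c]
    if not ciphers:
        status = "no-ciphers-line"
    elif not cbc_idx:
        status = "cbc-absent"
    elif not other_idx:
        status = "cbc-only"
    elif min(cbc_idx) > max(other_idx):
        status = "cbc-last"
    else:
        status = "cbc-preferred"
    return {"ciphers": ciphers, "cbc": cbc_ciphers(ciphers), "status": status}


if __name__ == "__main__":
    for name, text in (("weak", WEAK_WGETRC), ("hardened", HARDENED_WGETRC)):
        print(f"wgetrc[{name}]: retr-symlinks on = {wget_retr_symlinks_on(text)}")
    for name, text in (("weak", WEAK_SSHD_CONFIG), ("hardened", HARDENED_SSHD_CONFIG)):
        print(f"sshd_config[{name}]: {audit_ssh_ciphers(text)}")
```

The status values are deliberately graded rather than boolean: the vendor's wording ("giving preference to CTR mode over CBC") maps to cbc-last, but because the SSH client's list order decides the negotiated cipher, cbc-absent is the only result that rules CBC out on the server side. Point the functions at the real files (or at the output of sshd -T, which prints the effective configuration) to check a host after the hotfix.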