===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2015.0032
  McAfee Security Bulletin - Data Loss Prevention Endpoint ePO extension
  update fixes several vulnerabilities: XSS, Denial of Service, Improper
              Access Control, and Cross-Site Request Forgery
                               10 April 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Network Data Loss Prevention
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Create Arbitrary Files          -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2008-5161 CVE-2014-4877 
Member content until: Sunday, May 10 2015

OVERVIEW

        Multiple vulnerabilities have been discovered within McAfee DLP 
        Endpoint version 9.3.400 and earlier. [1]


IMPACT

        The vendor has provided the following details on the vulnerabilities:
        
        "1044805 - OpenSSH Vulnerability
        
         Base Score                                          2.6
         Related exploit range (AccessVector)                Network Access
         Attack complexity (AccessComplexity)                Medium
         Level of authentication needed (Authentication)     None
         Confidentiality impact                              Partial
         Integrity impact                                    None
         Availability impact                                 None
         Temporal Score (Overall)                            2.1
         Availability of exploit (Exploitability)            Functional
         Type of fix available (RemediationLevel)            Official Fix
         Level of verification that vulnerability exists     Confirmed
         (ReportConfidence)
        
        NOTE: CVSS version 2.0 was used to generate this score.
        https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=%28AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C%29#score
        
        In OpenSSH 4.7p1 and possibly other versions, there is a vulnerability 
        of using a block cipher algorithm in Cipher Block Chaining (CBC) mode. 
        Using this vulnerability remote attackers can easily recover certain 
        plaintext data from an arbitrary block of cipher text in an SSH session
        via unknown vectors.
        
        This vulnerability is addressed by giving preference to CTR mode of 
        Cipher over CBC mode of cipher."  [1]
        
        "1038219 - Wget Vulnerability
        
         Base Score                                          9.3
         Related exploit range (AccessVector)                Network Access
         Attack complexity (AccessComplexity)                Medium
         Level of authentication needed (Authentication)     None
         Confidentiality impact                              Complete
         Integrity impact                                    Complete
         Availability impact                                 None
         Temporal Score (Overall)                            7.7
         Availability of exploit (Exploitability)            Functional
         Type of fix available (RemediationLevel)            Official fix
         Level of verification that vulnerability exists     Confirmed
         (ReportConfidence)
        
        NOTE: CVSS version 2.0 was used to generate this score.
        https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=%28AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C%29
        
        Absolute path traversal vulnerability in GNU Wget before 1.16, when 
        recursion is enabled, allows remote FTP servers to write to arbitrary 
        files, and consequently execute arbitrary code, via a LIST response 
        that references the same filename within two entries, one of which 
        indicates that the filename is for a symlink.
        
        This vulnerability is addressed by setting retr-symlinks=on in wgetrc 
        file." [1]
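
        The two configuration changes the vendor describes (CTR ciphers
        listed ahead of CBC, and retr-symlinks=on in wgetrc) can be checked
        mechanically. The following Python check is an added example, not
        part of the AusCERT or McAfee text; the function names and sample
        configurations are constructed, and it assumes standard OpenSSH
        "Ciphers" and wgetrc syntax.

```python
import re

# Constructed sample configs for illustration; not taken from the appliance.
SSH_WEAK = "Ciphers aes128-cbc,3des-cbc,aes128-ctr,aes256-ctr\n"
SSH_FIXED = "# CTR first\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc\n"
WGETRC_WEAK = "recursive = on\nretr_symlinks = off\n"
WGETRC_FIXED = "recursive = on\nretr_symlinks = off\nRetr-Symlinks=on\n"


def cipher_preference(config_text):
    """Classify the first 'Ciphers' line (OpenSSH uses the first value read)."""
    # Host/Match blocks are not modelled (assumption of this example).
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"(?i)ciphers[\s=]+(\S+)", line)
        if line.startswith("#") or not m:
            continue
        names = [c.lower() for c in m.group(1).split(",") if c]
        cbc = [i for i, c in enumerate(names) if "-cbc" in c]
        ctr = [i for i, c in enumerate(names) if "-ctr" in c]
        if not cbc:
            return "no-cbc"
        # Preference holds only if every CTR entry precedes every CBC entry.
        return "ctr-preferred" if ctr and max(ctr) < min(cbc) else "cbc-preferred"
    return "unset"  # built-in defaults apply and vary by OpenSSH version


def retr_symlinks(wgetrc_text):
    """Return the effective retr_symlinks setting, or None if never set."""
    # wgetrc command names ignore case, '-' and '_'; a later line overrides
    # an earlier one, so the last assignment wins.
    value = None
    for raw in wgetrc_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        if re.sub(r"[-_]", "", key).lower() == "retrsymlinks":
            value = val.lower() in ("on", "yes", "1")
    return value


if __name__ == "__main__":
    print(cipher_preference(SSH_WEAK), cipher_preference(SSH_FIXED))
    print(retr_symlinks(WGETRC_WEAK), retr_symlinks(WGETRC_FIXED))
```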


MITIGATION

        The vendor recommends applying the available hotfix to Network Data
        Loss Prevention 9.3.3. [1]


REFERENCES

        [1] McAfee Security Bulletin - Data Loss Prevention hotfix resolves two
            security issues
            https://kc.mcafee.com/corporate/index?page=content&id=SB10111

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================