Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2015.0089.2
A vulnerability has been identified in McAfee Agent prior to version 5.0.2
21 September 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Agent
Operating System: Windows
Linux variants
OS X
Impact/Access: Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-7237
Member content until: Thursday, October 8 2015
Revision History: September 21 2015: CVE reference added
September 8 2015: Initial Release
OVERVIEW
A vulnerability has been identified in McAfee Agent prior to version
5.0.2. [1]
IMPACT
The vendor has provided the following details regarding the
vulnerability:
"This McAfee Agent patch addresses a vulnerability in the remote log
viewing functionality where the inputs passed to the URL were not
completely validated." [1]
"This vulnerability is encountered only if the following two
conditions are met. Please note that these are not enabled by
default: The McAfee Agent remote log viewing functionality is
enabled. Access to remote logs is not restricted to ePO
administrators. If both of the above conditions are satisfied, a
malicious user can pass unexpected inputs to McAfee Agent using the
URL." [11
MITIGATION
The vendor recommends users update to the latest version of McAfee
Agent to correct these issues. [1]
REFERENCES
[1] Intel Security - Security Bulletin: McAfee Agent patch fixes a
vulnerability in its remote log viewing functionality
https://kc.mcafee.com/corporate/index?page=content&id=SB10130
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVf+EKX6ZAP0PgtI9AQL6KRAAv2P6rKAvsr7a2vUvndDJHwA+sACA4VvQ
xX/fyx0IJgnE9S2dnUKkJX2xZ4B3XKHlE/PGowi4LPdV8D7/EaNesETkMZUZQxra
sWdyXUKob+NeUjuibPCcK2wJemJNY1FUnwEMZFcgBk6Odlr9PYGMqb71JwsWGKlw
3mF+l7fG6/H3nWAYau3Yqws8MAocwL/RF4Hp2MQK1z5iIh/q7kxTt+guV98020Wk
x2IKvJvvjWbDk4drgCECC3N4JCo40sm7MXEIIkvoW8b4Iqb6+RKYX4klE2Wcgr9y
h4ngdVotIQyOM2BppLnVam4YoZ/0/l7fjdL93qhkNPLWRNWHMOxqvTPeIoXl2hJK
PCoiLaYp7T9H5IopIJ43tWkApp6BjN7xosLjMlMZhuSBib6NuGIjMa9lc7Dj2ukL
TtepGvKs0dKz8/jd55y0O6M3+T3Nq12qrPAiBgrhiJTcBi9+xrSYcqyR7B/YLU3r
hdsJMY4ItLnpu1iWS/c2lmGSojrpaqfzVKjZpOpxmkp4r9fMsey3pOJUsEhW+2oX
jPRywhwmf7/XeRwopnnT16E+6FZJdqVMw4iK/kWUWCZ+EKExAtlDiq9P5k35itS1
E6+SiGLvKrKVSoTxgT17ACTrm6j9YLfQc9zyREoT8eBWCmjYKefQYGzyOqHsYU68
Nmzve8x5o9k=
=jq35
-----END PGP SIGNATURE-----