09 December 2015
===========================================================================
AUSCERT Security Bulletin

ASB-2015.0114.2
An authentication bypass vulnerability has been fixed in SIEM ESM, ESMREC, and ESMLM
9 December 2015
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              McAfee Enterprise Security Manager
                      McAfee Enterprise Security Manager/Log Manager
                      McAfee Enterprise Security Manager/Receiver
Operating System:     Windows
                      Linux variants
                      Mac OS
Impact/Access:        Administrator Compromise -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-8024
Member content until: Monday, January 4 2016

Revision History:     December 9 2015: Removed reference to McAfee Agent
                      December 7 2015: Initial Release

OVERVIEW

A vulnerability has been identified in McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8.

IMPACT

The vendor has provided the following information about the vulnerability (CVE-2015-8024):

"A specially crafted username can bypass SIEM ESM authentication (password is not validated) if the ESM is configured to use Active Directory or LDAP authentication sources. This can result in the attacker gaining NGCP (master user) access to the ESM."

MITIGATION

The vendor has provided the following workaround:

"The ESM administrator can disable all Active Directory and LDAP authentication sources in the ESM."

There are also patches available.

REFERENCES

Intel Security - Security Bulletin: SIEM ESM, ESMREC, and ESMLM updates fix authentication bypass vulnerability
https://kc.mcafee.com/corporate/index?page=content&id=SB10137

AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: firstname.lastname@example.org
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
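The affected-version ranges in the OVERVIEW can be checked against an appliance inventory as follows. This is an added example, not part of the AusCERT bulletin or any vendor tooling; it assumes version strings take the same form the bulletin uses (for example "9.4.2MR9"), and the hostnames in the sample are hypothetical.

```python
import re

# First fixed release per branch, taken from the bulletin's OVERVIEW.
FIXED = {
    (9, 3): (9, 3, 2, 19),  # 9.3.x before 9.3.2MR19
    (9, 4): (9, 4, 2, 9),   # 9.4.x before 9.4.2MR9
    (9, 5): (9, 5, 0, 8),   # 9.5.x before 9.5.0MR8
}

# Assumption: inventory strings look like the bulletin's "9.4.2MR9";
# a missing MR suffix is treated as maintenance release 0.
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*MR\s*(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, mr), or None if the string does not parse."""
    m = _VERSION.match(text)
    if not m:
        return None
    major, minor, patch, mr = m.groups()
    return int(major), int(minor), int(patch), int(mr or 0)


def classify(text):
    """Return 'affected', 'fixed', or 'unknown' for one ESM version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # The bulletin says nothing about other branches; do not guess.
        return "unknown"
    return "affected" if version < fixed else "fixed"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: classify(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames are hypothetical.
    sample = {"esm-a.example": "9.3.2MR18", "esm-b.example": "9.4.2MR9", "esm-c.example": "9.6.0"}
    for host, status in sorted(triage(sample).items()):
        print(f"{host}: {status}")
```

Per the vendor statement quoted under IMPACT, a host reported as affected is exposed only while Active Directory or LDAP authentication sources are configured on the ESM.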