-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT Security Bulletin ASB-2017.0075
   McAfee Security Bulletin - Network Data Loss Prevention update fixes
                          seven vulnerabilities
                               18 May 2017
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Network Data Loss Prevention (NDLP)
Operating System:     Virtualisation
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Modify Permissions              -- Existing Account
                      Cross-site Scripting            -- Existing Account
                      Provide Misleading Information  -- Remote with User Interaction
                      Access Confidential Data        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-4017 CVE-2017-4016 CVE-2017-4015 CVE-2017-4014
                      CVE-2017-4013 CVE-2017-4012 CVE-2017-4011
Member content until: Saturday, June 17 2017

OVERVIEW

        A hotfix for McAfee Network Data Loss Prevention (NDLP) 9.3.4.1.4
        on the VM, 4400, and 5500 platforms fixes seven vulnerabilities. [1]

IMPACT

        The vendor has provided the following information about the
        vulnerabilities:

        "This patch remediates the following issues:

        CVE-2017-4011: Embedding Script (XSS) in HTTP Headers vulnerability
        in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x
        allows remote attackers to get session/cookie information via
        modification of the HTTP request.

        CVE-2017-4012: Privilege Escalation vulnerability in the server in
        McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote
        authenticated users to view confidential information via
        modification of the HTTP request.

        CVE-2017-4013: Banner Disclosure in the server in McAfee Network
        Data Loss Prevention (NDLP) 9.3.x allows remote attackers to obtain
        product information via HTTP response header.
        CVE-2017-4014: Session Side jacking vulnerability in the server in
        McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote
        authenticated users to view, add, and remove users via modification
        of the HTTP request.

        CVE-2017-4015: Clickjacking vulnerability in the server in McAfee
        Network Data Loss Prevention (NDLP) 9.3.x allows remote
        authenticated users to inject arbitrary web script or HTML via HTTP
        response header.

        CVE-2017-4016: Web Server method disclosure in the server in McAfee
        Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to
        exploit and find another hole via the HTTP response header.

        CVE-2017-4017: User Name Disclosure in the server in McAfee Network
        Data Loss Prevention (NDLP) 9.3.x allows remote attackers to view
        user information via the appliance web interface." [1]

MITIGATION

        The vendor recommends applying the hotfix below to address these
        issues:

        "Apply NDLP Hotfix "hotfix_1193129_47810_01" to NDLP 9.3.4.1.4.

        Go to the Product Downloads site and download the applicable
        product hotfix file:

        Product  Type    Version                  File Name                       Release Date
        NDLP     Hotfix  hotfix_1193129_47810_01  hotfix_1193129_47810_01.tar.gz  May 16, 2017." [1]

REFERENCES

        [1] McAfee Security Bulletin - Network Data Loss Prevention update
            fixes seven vulnerabilities
            https://kc.mcafee.com/corporate/index?page=content&id=SB10198

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.
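Four of the seven issues the vendor lists (banner disclosure, clickjacking, web server method disclosure, and session/cookie exposure through injected script or side-jacking) are visible in the appliance's HTTP response headers, so an operator can get a first read on exposure before and after applying the hotfix. The script below is an added example written for this bulletin; it is not AusCERT's or McAfee's code and does not reproduce any vendor check. It parses a raw response head and reports weak settings. The two sample responses are constructed for illustration and were not captured from an NDLP appliance, and the expected-method set is an assumption. A clean result does not prove the hotfix is installed: CVE-2017-4012 and CVE-2017-4017 are not observable in headers at all.

```python
"""Audit an HTTP response head for the header-level weakness classes listed
in the bulletin above (banner disclosure, clickjacking, method disclosure,
session cookies exposed to script or clear-text transport).

Added example: not AusCERT's or McAfee's code. The sample responses are
constructed, not captured from an NDLP appliance.
"""
from dataclasses import dataclass
from typing import Dict, List

# Methods a management web UI is expected to advertise; anything beyond this
# is reported. This set is an assumption for the example, not a vendor value.
EXPECTED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}


@dataclass
class Finding:
    check: str
    detail: str


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw HTTP/1.x response head into {lower-cased name: [values]}.

    Repeated headers (typically Set-Cookie) are kept as separate values.
    """
    lines = raw.strip().splitlines()
    if not lines or not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response head")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(headers: Dict[str, List[str]]) -> List[Finding]:
    """Return one Finding per weak setting observed in the parsed headers."""
    findings: List[Finding] = []

    # Banner disclosure (cf. CVE-2017-4013): product/version strings in
    # Server or X-Powered-By.
    for name in ("server", "x-powered-by"):
        for value in headers.get(name, []):
            if "/" in value or any(ch.isdigit() for ch in value):
                findings.append(Finding("banner-disclosure", f"{name}: {value}"))

    # Clickjacking (cf. CVE-2017-4015): no framing restriction of any kind.
    csp = " ".join(headers.get("content-security-policy", []))
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append(Finding("clickjacking",
                                "no X-Frame-Options and no CSP frame-ancestors"))

    # Method disclosure (cf. CVE-2017-4016): Allow/Public advertising methods
    # beyond the expected set.
    for name in ("allow", "public"):
        for value in headers.get(name, []):
            extra = {m.strip().upper() for m in value.split(",")} - EXPECTED_METHODS
            if extra:
                findings.append(Finding("method-disclosure",
                                        f"{name} advertises {sorted(extra)}"))

    # Session cookie flags (cf. CVE-2017-4011 / CVE-2017-4014): without
    # HttpOnly the cookie is readable by injected script; without Secure it
    # can be captured on a clear-text hop.
    for cookie in headers.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        missing = [a for a in ("HttpOnly", "Secure") if a.lower() not in attrs]
        if missing:
            findings.append(Finding("cookie-flags",
                                    f"{cookie_name} missing {', '.join(missing)}"))
    return findings


# Constructed sample responses (illustrative values, not appliance output).
WEAK_RESPONSE = """HTTP/1.1 200 OK
Server: ExampleHTTPD/2.4.1
Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Set-Cookie: JSESSIONID=abc123; Path=/
Content-Type: text/html
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
X-Frame-Options: DENY
Allow: GET, HEAD, POST, OPTIONS
Set-Cookie: JSESSIONID=abc123; Path=/; Secure; HttpOnly
Content-Type: text/html
"""


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"[{label}]")
        for f in audit(parse_headers(raw)):
            print(f"  {f.check}: {f.detail}")
```

To use it against a live appliance, feed parse_headers() the head of a response obtained with a tool such as curl -i (including an OPTIONS request for the Allow check) rather than the constructed strings; run it against the management interface only with authorisation, and compare the output before and after the hotfix.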
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWR0V5ox+lLeg9Ub1AQh8dg//XXJ3J/wv9WDg8dGiJ7xoQu+hpLOGS+rE
xDsdw9twv3dwNf7xKtMDtKN4coN9UoqlRiviCr1efshVDHXx1q5xNpVeGMonj9vC
wJQzvTt1ybMkImd03RfghUOvWKkrIuuR//cMzGn58/tr67ciamFwOMxltHD2oeg5
GLG9i81NEGkUXz5PAm1eHtGkSoOqLkOte4x+OK6G7qTsZbXAcydMJqKueu0d/B7P
oZyr10lCfOnUo/aDKGs509D6hUBmCpqtftKRVW8wMSNXTMnzq0NyrCQgN6xR1FJ9
PMlSzD3Ja0EF7JFjMjSvUb33G1c4f9laCQgm6t4Wp4v2kWDGYo5yOsmkKisGCEFd
HvpQzLAov3ZrBCJz91VuCrt5LZSanI8PQTWK07EnozvObhQgYlBSuCGx0r2Zw8gQ
fjeyIPEZWMwdyQqNfzxUZalLl8J5ZLMrbLg0NLevxbtpWhpZDfUDwGNiSfxqhQL0
fNrIsBBw5PYDnTeJ4tI7Z6Xm1Q3boBB8TLnXhPzqx/7GvtyJPgfqToiMF1b9PFlU
PPxKb1Uw9ksW/m6ktYLGgRV4iEqaodyvTdDpktK2JYdP7EOrYWu0nm16Kio75nE7
GsEWJMcQrIHwoEKfR0R4aG5cY+n49SFZnWu2iJu+Ts6noPaGaoeWSTi5zOu0kCXk
qe7HNzi6+J4=
=DuwC
-----END PGP SIGNATURE-----