28 July 2017
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0126 Multiple vulnerabilities have been identified in McAfee Web Gateway 28 July 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Web Gateway Operating System: Network Appliance Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Existing Account Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2017-1000368 CVE-2017-1000366 CVE-2017-1000364 CVE-2012-6706 Member content until: Sunday, August 27 2017 Reference: ESB-2017.1673 ESB-2017.1656 ESB-2017.1652 OVERVIEW Multiple vulnerabilities have been identified in McAfee Web Gateway: CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and CVE-2017-1000368.  IMPACT McAfee has provided the following information concerning the vulnerabilities: "CVE-2012-6706: A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. https://nvd.nist.gov/vuln/detail/CVE-2012-6706 CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). https://nvd.nist.gov/vuln/detail/CVE-2017-1000364 CVE-2017-1000366: glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. https://nvd.nist.gov/vuln/detail/CVE-2017-1000366 CVE-2017-1000368: Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. https://nvd.nist.gov/vuln/detail/CVE-2017-1000368"  MITIGATION The vendor recommends upgrading to the latest versions of McAfee Web Gateway.  REFERENCES  McAfee Security Bulletin - Web Gateway update fixes vulnerabilities CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and CVE-2017-1000368 https://kc.mcafee.com/corporate/index?page=content&id=SB10205 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWXramox+lLeg9Ub1AQgCUg//bYHMMQ2W7RkDvszd5mQyPJVUBFDZW2mZ Up8gL7ipUBX9PZLv9i4BKnzYC90o+nPWtYw6qQJnZSDy/JFxDJUP44mBHN/M1KTy GwSEBaf4O99FVMtBck4WIHKexh1xUmXD1EKGINPfewCaI+dXSWi+Vx12aYBOguYh f5EPgW8BJzp2n+6ksH7K4DlIvFSimG94uz5Tri2fM/eOkeAZ/QZeVpH9bo4t2i7H lMYqmdVVfqFl6bNiK2J/FNIKNwqM/KCyWqGElJiGdfu5+NHnfSkuoBkP5JSpRcmF gvAYWpiyTwWcpCpP3uAclU+/wFAIz8xoNah1rYLMCOSB3OH0f5YWQVJBCZlkEDAi XiVaR3RidMhlh97BsCqQtvy1VgPcFSSIbxg79sqPFbLr0bcOlVz+GUfbLwzJQ13d 71grHpha0aM+4lmPR/ZtLg/0PPcJ+NgugTdfZIw2za6uyQymk+N/Y2+Aka8KhPVN y0ZIyZnfCrhdD0vEtGl0Pj/FdC2G1D61XzcESxvvbRkyodh38GEUPhEjLg4q74Z6 jnOIs7xw/7hdDHQeM1hr0VIlMh6vTLKi4KrYblmy6z6bmiYFfbW67r3isjoHw9wc sqDe+RoitC1hoIgOKvIrB5SGkAUxR2cwiqQRpTrxdNvqCk0y2JTN9CpXhS5raPRm ebGVKAtkGYM= =JpHQ -----END PGP SIGNATURE-----