Operating System:

[Appliance]

Published:

07 December 2017

Protect yourself against future threats.

//Service

Phishing Take-Down

Drawing on our strong international CERT relationships we have a high success rate in delivering phishing take-downs.

Read more
Resources > Security Bulletins > ASB-2017.0208 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0208
              McAfee Security Bulletin - Email Gateway update
                              7 December 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Email Gateway
Operating System:     Network Appliance
Impact/Access:        Access Privileged Data         -- Remote/Unauthenticated
                      Denial of Service              -- Remote/Unauthenticated
                      Provide Misleading Information -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-6308 CVE-2016-6307 CVE-2016-6306
                      CVE-2016-6305 CVE-2016-6304 CVE-2016-6303
                      CVE-2016-6302 CVE-2016-2183 CVE-2016-2182
                      CVE-2016-2181 CVE-2016-2180 CVE-2016-2179
                      CVE-2016-2178 CVE-2016-2177 CVE-2016-1286
                      CVE-2016-1285 CVE-2015-8704 
Member content until: Saturday, January  6 2018
Reference:            ASB-2016.0017
                      ESB-2016.1473
                      ESB-2016.1068
                      ESB-2016.1042

OVERVIEW

        A vulnerability has been identified in McAfee Email Gateway prior to 
        versions 7.6.404h1128596-3334.102 [1,2]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "Impact of Vulnerability: Denial of Service (CWE-730, OWASP 2004:A9)
        
        Description
        These vulnerabilities allow remote authenticated users to cause a 
        denial of service via a malformed APL or DNAME record.
        
        CVE-2016-1286
        CVE-2016-1285
        CVE-2015-8704" [1]
        
        "Impact of Vulnerability:  Information Leak / Disclosure (CWE-717, 
        OWASP 2004:A6)Denial of Service (CWE-730, OWASP 2004:A9)
        
        Disclaimer
        Description
        These vulnerabilities allows remote authenticated users to cause a 
        denial of service via a number of different attacks, obtain clear text 
        data via a "Sweet32" attack, or obtain a DSA private key via a timing 
        side channel attack.
        
        CVE-2016-6308
        CVE-2016-6307
        CVE-2016-6306
        CVE-2016-6305
        CVE-2016-6304
        CVE-2016-6303
        CVE-2016-6302
        CVE-2016-2183
        CVE-2016-2182
        CVE-2016-2181
        CVE-2016-2180
        CVE-2016-2179
        CVE-2016-2178
        CVE-2016-2177" [2]


MITIGATION

        McAfee recommends users  Install or update to McAfee Email Gateway (MEG) 
        7.6.404h1128596-3334.102 [1,2]


REFERENCES

        [1] McAfee Security Bulletin - Email Gateway update fixes denial of
            service vulnerabilities (CVE-2016-1286, CVE-2016-1285, and
            CVE-2015-8704)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10214

        [2] McAfee Security Bulletin - Email Gateway update fixes several
            OpenSSL vulnerabilities
            https://kc.mcafee.com/corporate/index?page=content&id=SB10215

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWii53Yx+lLeg9Ub1AQj3Ww/8D+/7IQmziapidcDBA63IIWOvqN3ZTOyZ
j5qtEVzQ+YB8Tsm4cPGwfvZANLUKgjw4VMcTUOcn6lDIM7A7Puu6bs7BG+xiqL/c
rorJE1EyfOrNnxmxpU8wwmwI/8vaj7iveyWoXzwv7C0Ymn5Z9e0ZRcsAWEr6our5
BC002wzUz8M5yY4nR8X5M6O35XsHI2EF3coKNn1SJEB3YNlE7xKd3RynR7du9FjC
NOVv6rzznk5LrP8YU2BcMlax7Q0wpt8v2q1jHGU5pO9SR4HPB3mK3BMnZPYrJi4k
CKR+zJa90gaqvagxRu48+hKD/rPjnbb5CPMfjuDQzPjR/muclj4/Jw7SiuVNiHzP
HtV7hjUluvTRQFEwNvBM0iAEo3tcD3I9A0rNIvYumioihG2YMMTXeVR72UoW1oLS
UEtUL/8Sh6Gkg2ytqHBZGWVobCMuu6U2tVWmqLusdz+dhMXU0AWLK+gpSxh0gEbb
C5BagtWkYWtxoJRtPHuRimWNJCRqYWrCed//ZzEeBd+44VynUGXzlN5ZUBcsUGrs
y3t/fT1Z/5B4s41z6eUSVfU2F9wLy03OgHqpS35j/sCJRbYXlPHMhD8B/3uJJv4B
n+vTkYYRz0E6UJubAEeJ3JDgWSsW4ELCdX8t34FNerGJtjn/j5dpmfMi7WtQp/Fd
3f9d1nCB2VE=
=u9X6
-----END PGP SIGNATURE-----