===========================================================================
AUSCERT Security Bulletin

ASB-2018.0218
McAfee Security Bulletin - Endpoint Security for Linux Threat Prevention
update fixes privilege escalation vulnerability allowing unprivileged
users to delete arbitrary files (CVE-2018-6693)
19 September 2018
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Endpoint Security for Linux Threat Prevention
Operating System:     Linux variants
Impact/Access:        Delete Arbitrary Files -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-6693
Member content until: Friday, October 19 2018
Reference:            ESB-2018.0746

OVERVIEW

A vulnerability has been identified in McAfee Endpoint Security for Linux
Threat Prevention (ENSLTP) prior to versions 10.2.3 with Hotfix 1251530
and 10.5.1 with Hotfix 1251617. [1]

IMPACT

McAfee has provided the following details regarding the vulnerabilities:

"CVE-2018-6693
By exploiting a time of check to time of use (TOCTOU) race condition
during a specific scanning sequence, the unprivileged user is able to
perform a privilege escalation to delete arbitrary files." [1]

"An unprivileged user can delete arbitrary files on a Linux system
running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier." [1]

MITIGATION

McAfee advises:

"To remediate this issue, go to the Product Downloads site, and download
the applicable product hotfix files:

+-------+--------------+------+-----------------------------------+-----------+
|Product|Version       |Type  |File Name                          |Release    |
|       |              |      |                                   |Date       |
+-------+--------------+------+-----------------------------------+-----------+
|       |              |      |ISecTP-10.2.3-<build_number>       |           |
|ENSLTP |10.2.3 Hotfix |Hotfix|-HF1251530-standalone.tar.gz       |September  |
|       |1251530       |      |ISecTP-10.2.3-<build_number>       |11, 2018   |
|       |              |      |-HF1251530-ePO.zip                 |           |
+-------+--------------+------+-----------------------------------+-----------+
|       |              |      |ISecTP-10.5.1-<build_number>       |           |
|ENSLTP |10.5.1 Hotfix |Hotfix|-HF1251617-standalone.tar.gz       |September  |
|       |1251617       |      |ISecTP-10.5.1-<build_number>       |11, 2018   |
|       |              |      |-HF1251617-ePO.zip                 |           |
+-------+--------------+------+-----------------------------------+-----------+

Download and Installation Instructions

See KB56057 for instructions on how to download McAfee products,
documentation, updates, and hotfixes. Review the Release Notes and the
Installation Guide, which you can download from the Documentation tab,
for instructions on how to install these updates." [1]

McAfee does provide configuration change instructions in the advisory as
a temporary workaround for those who cannot upgrade. [1]

REFERENCES

[1] McAfee Security Bulletin - Endpoint Security for Linux Threat
    Prevention update fixes privilege escalation vulnerability allowing
    unprivileged users to delete arbitrary files (CVE-2018-6693)
    https://kc.mcafee.com/corporate/index?page=content&id=SB10248

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================