===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0307
          Multiple security vulnerabilities fixed in McAfee Agent
                             13 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Agent
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-6707 CVE-2018-6706 CVE-2018-6705
                      CVE-2018-6704 CVE-2018-6703
Member content until: Saturday, January 12 2019

OVERVIEW

        McAfee has published McAfee Agent 5.6.0, which resolves multiple
        security vulnerabilities. [1][2][3]

IMPACT

        McAfee has provided the following information on the
        vulnerabilities.

        "1. CVE-2018-6703: Incorrect memory and handle management

        Use After Free in McAfee Common service in McAfee Agent (MA) 5.0.0
        through 5.0.6, 5.5.0, and 5.5.1 allows remote attackers to cause a
        denial of service (use-after-free) or possibly have unspecified
        other impact via a crafted TCP packet.

        NOTE: The following links were not yet populated with CVE details
        at the time of publication of this Security Bulletin.

        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6703
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6703" [1]

        "2. CVE-2018-6704: Privilege escalation due to use of insecure
        temporary files

        Privilege escalation vulnerability in McAfee Agent (MA) for Linux
        5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform
        arbitrary command execution via specific conditions.

        NOTE: The following links were not yet populated with CVE details
        at the time of publication of this Security Bulletin.

        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6704
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6704" [2]

        "3. CVE-2018-6705: Privilege escalation vulnerability

        Privilege escalation vulnerability in McAfee Agent (MA) for Linux
        5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform
        arbitrary command execution via specific conditions.

        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6705
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6705

        4. CVE-2018-6706: Incorrect use of temporary files

        Insecure handling of temporary files in non-Windows McAfee Agent
        5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User
        to introduce custom paths during agent installation in Linux via
        unspecified vectors.

        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6706
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6706

        5. CVE-2018-6707: Insecure usage of temporary files

        Denial of Service through Resource Depletion vulnerability in the
        agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0,
        and 5.5.1 allows local users to cause DoS, unexpected behavior, or
        potentially unauthorized code execution via knowledge of the
        internal trust mechanism.

        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6707
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6707" [3]

MITIGATION

        McAfee advises updating to McAfee Agent 5.6.0 to address these
        vulnerabilities. [1][2][3]

REFERENCES

        [1] McAfee Security Bulletin - McAfee Agent update fixes a use
            after free vulnerability (CVE-2018-6703)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10258

        [2] McAfee Security Bulletin - McAfee Agent for Linux update fixes
            a Privilege Escalation vulnerability (CVE-2018-6704)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10259

        [3] McAfee Security Bulletin - McAfee Agent update fixes multiple
            low severity security issues in non-Windows versions
            (CVE-2018-6705, CVE-2018-6706, and CVE-2018-6707)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10260

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
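
The following triage helper is an added example, not part of the AusCERT bulletin or any McAfee tooling: it maps an agent version and platform to the CVEs in this bulletin that apply, using the affected releases (5.0.0 through 5.0.6, 5.5.0, 5.5.1) and platform scopes quoted above. The inventory rows, build numbers and status names are constructed, and treating releases later than 5.6.0 as fixed is an assumption.

```python
import re

# Affected releases as stated in the bulletin: 5.0.0 through 5.0.6, 5.5.0, 5.5.1.
AFFECTED = [((5, 0, 0), (5, 0, 6)), ((5, 5, 0), (5, 5, 1))]
FIXED = (5, 6, 0)  # later releases are assumed fixed as well

# Platform scope per CVE, taken from the quoted descriptions.
CVE_SCOPE = {
    "CVE-2018-6703": lambda p: True,            # no platform restriction stated
    "CVE-2018-6704": lambda p: p == "linux",    # "for Linux"
    "CVE-2018-6705": lambda p: p == "linux",    # "for Linux"
    "CVE-2018-6706": lambda p: p != "windows",  # "non-Windows"
    "CVE-2018-6707": lambda p: p != "windows",  # "non-Windows"
}

def parse_version(text):
    """Return (major, minor, patch) or None; a trailing build number is ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(version, platform):
    """Classify one agent as (status, [CVE ids from the bulletin that apply])."""
    v = parse_version(version)
    if v is None:
        return "unparseable", []  # needs manual review
    if v >= FIXED:
        return "fixed", []
    if not any(lo <= v <= hi for lo, hi in AFFECTED):
        return "unlisted", []     # the bulletin makes no statement about this release
    p = platform.strip().lower()
    return "affected", sorted(c for c, applies in CVE_SCOPE.items() if applies(p))

# Constructed inventory rows: (host, reported agent version, platform).
INVENTORY = [
    ("web01", "5.0.6.220", "Linux"),
    ("fs02", "5.5.1", "Windows"),
    ("mac03", "5.5.0.447", "macOS"),
    ("db04", "5.6.0.207", "Linux"),
    ("old05", "4.8.0", "Windows"),
    ("odd06", "unknown", "Linux"),
]

def report(inventory):
    """Triage every inventory row, keyed by host name."""
    return {host: triage(ver, plat) for host, ver, plat in inventory}

if __name__ == "__main__":
    for host, (status, cves) in report(INVENTORY).items():
        print(f"{host:6} {status:12} {' '.join(cves)}")
```

Hosts reported as "unlisted" or "unparseable" need a manual check against the vendor bulletins [1][2][3], since this bulletin only names the releases listed above.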