Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2018.0312 Application and Change Control update fixes Bypass Application Control issue with simple DLL or through an ASP.NET 21 December 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Application and Change Control Operating System: Linux variants Windows Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2018-6669 CVE-2018-6668 Member content until: Sunday, January 20 2019 OVERVIEW McAfee has addressed multiple vulnerabilities in Application and Change Control before 7.0.1. [1] IMPACT McAfee has provided the following information about the vulnerabilities: "CVE-2018-6668 Bypass Application Control with simple DLL A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL trough interpreters such as PowerShell. CVE-2018-6669 Bypass Application Control through an ASP.NET form A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows a remote or local user to execute blacklisted files through an ASP.NET form." [1] MITIGATION McAfee advises: "To remediate this issue, go to the Product Downloads site, and download the applicable product update file:" [1] +-------+-------+---------+-----------------+ |Product|Type |File Name|Release Date | +-------+-------+---------+-----------------+ |MACC |Release|8.0.0 |December 16, 2016| +-------+-------+---------+-----------------+ REFERENCES [1] McAfee Security Bulletin - Application and Change Control update fixes Bypass Application Control issue with simple DLL or through an ASP.NET (CVE-2018-6668, CVE-2018-6669) https://kc.mcafee.com/corporate/index?page=content&id=SB10261 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXBxXd2aOgq3Tt24GAQgOWBAAreI8Kag9HE7tyP0SUDYdBjDRCM1hQVTZ 0Du8pluNMK7t182Ct37/FwZUQGxon1e4zuGubCEYZ4N6kcUqA4L4EBQfrvVElMLG bjpFNMKvf0zT3cT8OnmnaKCTdjTOXtg86fuSy9wbqh7gjjs42o20/TdZWnkITnEw ly867ngm8vbYIo8YqCdtswB7d1F8ObsmBj2dtDsvjuvSI7Xch7bX/OoB2rcvtTzH uQ8QH4sfk1NO7nMw4sQitCFBnF/c/Y2qpbYLf12tz6PtaN9a3NBgmLmNvOYj1wog C85XDuTC9FKP3XYcCpLB/KrUp22T+qTLi3AqOuvpDjWUMcLa1ZjVadvaku08K31v ea/dul3upsBCSe+Q3Zao3fHYWz8K0xAX3M7GxcgjXxf9U/5LnlMA9xF++94yaJR2 EhnVirTyPbDcwjUJSa7oyv15i7+5/b1leWUDlZtBDPBDAWWGmOyKJkE5kqweQY1N RLS8+YQRVakwfihcC+B3ncWkPIIEqUahguA86DzhvMja6KnlYXgJD/s61fIayNrb HGM8L0TSNv+UrGLW0JvzJeRmAJD0CkI0cIo5yOgBSAaFU6ZiCZybMBbrkG818GPr vMEqOtBa6UPSPFf79Fw1i0PvbU1FWeDmBN4ALMz4raV3L/1olLS+i+JOeAmKeg4C 10XN1Yb7d2A= =98qR -----END PGP SIGNATURE-----