Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0010 Multiple vulnerabilities have been identified in McAfee Web Gateway (MWG) 11 January 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Web Gateway Operating System: Windows Linux variants Virtualisation Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Provide Misleading Information -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-3581 CVE-2018-12327 CVE-2018-11784 CVE-2018-7170 Member content until: Sunday, February 10 2019 Reference: ASB-2018.0096 ESB-2018.3271 ESB-2018.3239 ESB-2018.3049 ESB-2018.0679 OVERVIEW Multiple vulnerabilities have been identified in McAfee Web Gateway (MWG) in versions prior to 7.7.2.19, 7.8.2.5 and 8.0.2. [1] IMPACT Details of the vulnerabilities can be found below: "CVE-2019-3581: An unauthenticated user can cause a denial of service attack against the proxy component of McAfee Web Gateway. NOTE: The following link was not yet populated with CVE details at the time of publication of this Security Bulletin. https://nvd.nist.gov/vuln/detail/CVE-2019-3581 CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory (for example, redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice. https://nvd.nist.gov/vuln/detail/CVE-2018-11784 CVE-2018-12327: The ntpq and ntpdc command-line utilities that are part of the ntp package are vulnerable to stack-based buffer overflow via crafted hostname. Applications using these vulnerable utilities with an untrusted input may be potentially exploited, resulting in a crash or arbitrary code execution under privileges of that application. https://nvd.nist.gov/vuln/detail/CVE-2018-12327 CVE-2018-7170: A flaw was found in ntpd making it vulnerable to Sybil attacks. An authenticated attacker could target systems configured to use a trusted key in certain configurations and to create an arbitrary number of associations and subsequently modify a victim's clock. https://nvd.nist.gov/vuln/detail/CVE-2018-7170" [1] MITIGATION McAfee recommends installing or updating to the following versions: McAfee Web Gateway (MWG) 7.7.2.19 MWG 7.8.2.5 (Main Release) MWG 8.0.2 (Controlled Release) [1] REFERENCES [1] McAfee Security Bulletin - Web Gateway updates fix four vulnerabilities (CVE-2019-3581, CVE-2018-11784, CVE-2018-12327, and CVE-2018-7170) https://kc.mcafee.com/corporate/index?page=content&id=SB10264 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXDg0wWaOgq3Tt24GAQjorxAAx0SYu4QxPsWD25+39hmCYDhXJldeo6LH Mz+I289xiciETsWQXXTcPZssVXLF9Mli+6EFG0JKDNkUOVs083541OGuXJRk137P jOmO24W5htMvmgtvKZZ8fV3JzTcrqVhS3MpASdVM3vZYsqZyaKG0IbjvFmXfPFKA EYYIKE/IBZLIdGNW9k0QfrdnVvEQmPQldckQhS9qNBD05afl8n7IaGjxkrfK5OTF NBxK1mp26zMPLaqPWoZsTAS6q+jHWLUp4KHOf5h0cRU8pOR0c/ZKOKO94c1OoUzY 9idITL4Oe234ToWSOxAURPbVPJnvQR8iwLanDznRXpQjrcF6h42EksyX6Es81+44 grrX/ZwcPIe9GbiuMaddFPtLo81TBJK0gshgyIffcZKh5NElyYKKbYmhaQVsU1XO /gkSXDGYD9VeiqZVs9gmwDX4sknuKgoZo6XDS+kXpRqxofNDXJclH0RLPZtt+sMB Ng+G3J6evBdrjWC3KKxfLo9RI+5IRmS8RNV/+6BiG/YzilJduC+kamXaoiVoZkq3 KXkRWcyiPtj6j5wDyZPtxYietUdarPibGvw5rBYyM/XWwFYzBfuZQLuP8o0d1UEB KMWOD0pR9SCQgLm1KjRKzS9YkHnVc+9DQLC/BN3Y6DQ8SKBZtTJ7P2XtniNPB6cY GmVD7hHDqGk= =E6U9 -----END PGP SIGNATURE-----