===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2019.0059.2
  McAfee Security Bulletin - Web Gateway updates fix five vulnerabilities
                             18 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Web Gateway
Operating System:     Windows
                      Linux variants
                      Virtualisation
Impact/Access:        Access Privileged Data         -- Remote/Unauthenticated
                      Provide Misleading Information -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-16395 CVE-2018-15473 CVE-2018-10846
                      CVE-2018-10845 CVE-2018-10844
Member content until: Wednesday, March 20 2019
Reference:            ESB-2019.0473
                      ESB-2018.3717
                      ESB-2018.3467
                      ESB-2018.3444
                      ESB-2018.3309

Revision History:     February 18 2019: Corrected Impact/Access analysis.
                      February 18 2019: Initial Release

OVERVIEW

        Multiple vulnerabilities have been identified in McAfee Web Gateway.


IMPACT

        Details of the vulnerabilities can be found below:

        "CVE-2018-15473: OpenSSH is prone to a user enumeration
        vulnerability due to not delaying bailout for an invalid
        authenticating user until after the packet containing the request
        has been fully parsed.
        https://nvd.nist.gov/vuln/detail/CVE-2018-15473

        CVE-2018-16395: An issue was discovered in the OpenSSL library in
        Ruby. When two OpenSSL::X509::Name objects are compared using ==,
        depending on the ordering, non-equal objects may return true.
        https://nvd.nist.gov/vuln/detail/CVE-2018-16395

        CVE-2018-10844: It was found that GnuTLS's implementation of
        HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A
        remote attacker could use this flaw to conduct distinguishing
        attacks and plain text recovery attacks via statistical analysis of
        timing data using crafted packets.
        https://nvd.nist.gov/vuln/detail/CVE-2018-10844

        CVE-2018-10845: It was found that GnuTLS's implementation of
        HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A
        remote attacker could use this flaw to conduct distinguishing
        attacks and plain text recovery attacks via statistical analysis of
        timing data using crafted packets.
        https://nvd.nist.gov/vuln/detail/CVE-2018-10845

        CVE-2018-10846: A cache-based side channel attack was found in the
        way GnuTLS implements CBC-mode cipher suites. An attacker could use
        a combination of "Just in Time" Prime+probe and Lucky Thirteen
        attacks to recover plain text in a cross-VM attack scenario.
        https://nvd.nist.gov/vuln/detail/CVE-2018-10846"[1]


MITIGATION

        McAfee recommends installing or updating to the following versions:

"+-------+----------+-----------+-----------------------------------+----------+
 |Product|Version   |Type       |File Name                          |Release   |
 |       |          |           |                                   |Date      |
 +-------+----------+-----------+-----------------------------------+----------+
 |MWG    |7.8.2.6   |Main       |mwgappl-7.8.2.6.0-27882-x.86_64.iso|February  |
 |       |and later |Release    |                                   |12, 2019  |
 +-------+----------+-----------+-----------------------------------+----------+
 |MWG    |8.0.3 and |Controlled |mwgappl-8.0.3-27937-x.86_64.iso    |February  |
 |       |later     |Release    |                                   |12, 2019  |
 +-------+----------+-----------+-----------------------------------+----------+" [1]


REFERENCES

        [1] McAfee Security Bulletin - Web Gateway updates fix five
            vulnerabilities
            https://kc.mcafee.com/corporate/index?page=content&id=SB10267

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================