AUSCERT Security Bulletin
McAfee Security Bulletin - Threat Intelligence Exchange Server 2.3.1 update fixes Linux kernel, OpenSSH, and OpenSSL vulnerabilities
18 February 2019
AusCERT Security Bulletin Summary
Product:              McAfee Threat Intelligence Exchange Server
Operating System:     Linux variants
Impact/Access:        Access Privileged Data   -- Existing Account
                      Denial of Service        -- Remote/Unauthenticated
                      Access Confidential Data -- Remote/Unauthenticated
CVE Names:            CVE-2018-15919 CVE-2018-15473 CVE-2018-5407
Member content until: Wednesday, March 20 2019
Multiple vulnerabilities have been identified in McAfee
Threat Intelligence Exchange Server.
Details of the vulnerabilities can be found below:
The Linux kernel, versions 3.9 and later, is vulnerable to a denial of service
attack with low rates of specially modified packets targeting IP fragment
reassembly. An attacker may cause a denial of service condition by sending
specially crafted IP fragments.
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not
delaying bailout for an invalid authenticating user until after the packet
containing the request has been fully parsed, related to auth2-gss.c,
auth2-hostbased.c, and auth2-pubkey.c. (CVE-2018-15473)

Remotely observable behaviour in auth2-gss.c in OpenSSH through 7.8 could be
used by remote attackers to detect the existence of users on a target system
when GSS2 is in use. (CVE-2018-15919)
During key agreement in a TLS handshake using a DH(E) based ciphersuite, a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime, resulting in a hang until the client has finished. This
could be exploited in a denial of service attack.

OpenSSL ECC scalar multiplication, used in, for example, ECDSA and ECDH,
has been shown to be vulnerable to a microarchitectural timing side channel
attack. An attacker with sufficient access to mount local timing attacks
during ECDSA signature generation could recover the private key. (CVE-2018-5407)
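The side-channel class described in the OpenSSL item above, as an added illustration that is not OpenSSL's or McAfee's code: a naive double-and-add scalar multiplication whose amount of work depends on the secret scalar, beside a Montgomery ladder that performs the same group operations for every scalar. The curve y^2 = x^3 + 7 over F_17, the base point G, and the operation-count comparison are constructed for the example; Python is not constant time, so operations are counted rather than timed.

```python
# Added example (not OpenSSL code): a secret-dependent branch in EC scalar
# multiplication leaks, and the ladder shape removes it. The curve
# y^2 = x^3 + 7 over F_17 and base point G are constructed toy parameters.

P = 17            # field prime (constructed)
A, B = 0, 7       # curve y^2 = x^3 + A*x + B
G = (15, 13)      # base point on the curve
INF = None        # point at infinity

def add(p, q):
    """Affine point addition; also doubles when p == q."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul_double_and_add(k, p):
    """Leaky: the extra add runs only for 1 bits, so the operation count
    (and so timing / execution-port usage) depends on the secret k."""
    r, ops = INF, 0
    for bit in bin(k)[2:]:
        r, ops = add(r, r), ops + 1
        if bit == "1":
            r, ops = add(r, p), ops + 1
    return r, ops

def mul_ladder(k, p, nbits):
    """Montgomery ladder: one add and one double per bit regardless of k.
    The conditional swap stands in for a constant-time (masked) select."""
    r0, r1, ops = INF, p, 0
    for i in range(nbits - 1, -1, -1):
        bit = (k >> i) & 1
        r0, r1 = (r1, r0) if bit else (r0, r1)
        r1, r0, ops = add(r0, r1), add(r0, r0), ops + 2
        r0, r1 = (r1, r0) if bit else (r0, r1)
    return r0, ops

def op_counts(nbits=8):
    """Distinct per-scalar operation counts: naive varies, ladder is flat."""
    ks = range(1, 1 << nbits)
    naive = {mul_double_and_add(k, G)[1] for k in ks}
    ladder = {mul_ladder(k, G, nbits)[1] for k in ks}
    return len(naive), len(ladder)
```

`op_counts()` returns (5, 1) for 8-bit scalars: the naive method's work reveals the Hamming weight of the scalar, while the ladder does 16 operations every time.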
McAfee recommends installing or updating to the following version:
TIE Server 2.3.1

McAfee Security Bulletin - Threat Intelligence Exchange Server 2.3.1 update fixes Linux kernel, OpenSSH, and OpenSSL vulnerabilities
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
Australian Computer Emergency Response Team
The University of Queensland
Internet Email: firstname.lastname@example.org
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.