Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2020.0048
Data Exchange Layer Broker (Windows) update fixes "Unquoted service
executable path" vulnerability (CVE-2020-7252) (SB10307)
17 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee Data Exchange Layer
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-7252
Member content until: Wednesday, March 18 2020
OVERVIEW
McAfee Data Exchange Layer Broker update fixes
"Unquoted service executable path" vulnerability (CVE-2020-7252) [1]
IMPACT
McAfee has provided the following information regarding the vulnerability and impact:
"CVE-2020-7252
Unquoted service executable path in Data Exchange Layer Broker in McAfee Data
Exchange Layer Framework 6.0.0 and earlier, allows local users to cause a
denial-of-service and malicious file execution via carefully crafted and named
executable files." [1]
MITIGATION
McAfee recommends the following actions:
"To remediate this issue, go to the Product Downloads site, and download the
applicable product hotfix file" [1]
REFERENCES
[1] Data Exchange Layer Broker (Windows) update fixes "Unquoted service
executable path" vulnerability (CVE-2020-7252) (SB10307)
https://kc.mcafee.com/corporate/index?page=content&id=SB10307
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXkoGQWaOgq3Tt24GAQjL3xAAy/4MN9RuH3u1WzgPLd9QHJ4m8hFDxA3K
RCL/SZlIdvkJwV5OtfqOVbcr/q8xDIXOoEXI0HbnZExh5gpJf5UHRcYUkgAekk8L
ci9oe7IEdusuxrczOAWq+kHNxopJgXZDyrfGjx5SQNr8gETh3wo72uaz1adVLRMr
kH5TQVZTuxYW+8XcO7XxFCK0cKxBfVGFNzVZ4/i6kosdRIIAGjGuqZmbnrASf6nb
waQO1GxuTQP0W2l/Ys6eZ0y89bY8AmIoRvPAo7X/mjbdCAnmXTvaszlmbVaae/U9
ujzRu+W3IDHmcpFnZmiKRTAvFYM4oE992wGCsSnmSWGtU3fKfn/7qG/TgMchpbL2
6HXt09aY5GXMcqLdA/9b/RUAwlzsq9qQ/Q5gomPKDRItqmQgabZg39YQUbiIk+yM
zPJ1ceVBj5NdpJ8o8NOYmzGKRKWztqQYkE5Xc4kYzbK1DfoxhPxDyr2ATIakd0w+
JZjW5uvv6jW7Olrl+9IDnvqKEGOfOn+gXasfig/2wx7xaO4Vb9mSUaq5hWiN8FHO
2d/rB9ti14A7de56HQpkATYhsZZHgSvW9gHDwp9h0KApqvclwCQDdvecnQ/ImEwE
qt9inCyJHlp/ycaXPyPkIO3x/qgLglWYaNYg225y1uDiXnpZ+t0m4htOLSJbXEK2
AWfo1ztCrkI=
=rtqq
-----END PGP SIGNATURE-----