-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2013
   SYMSA1426-SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
                                5 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Symantec products
Publisher:         Symantec
Operating System:  Windows
Impact/Access:     Access Privileged Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-5754 CVE-2017-5753 CVE-2017-5715
Reference:         ASB-2019.0109 ASB-2018.0295 ESB-2019.1926 ESB-2019.1899

Original Bulletin:
   http://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1426.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisory ID
SYMSA1426

Initial Publication Date: 8 Jan 2018
Advisory Status: Open
Advisory Severity: Medium
CVSS Base Score: CVSS v2: 4.7
Legacy ID: SA161

Summary

Affected Products

The following products are vulnerable.
All hardware platforms are affected unless specified otherwise:

+-----------------------------------------------------------------+
|                      Content Analysis (CA)                      |
+--------+-------------------+------------------------------------+
|  CVE   |Affected Version(s)|Remediation                         |
+--------+-------------------+------------------------------------+
|        |2.3                |Not available at this time          |
|        +-------------------+------------------------------------+
|All CVEs|2.2                |Upgrade to later release with fixes.|
|        +-------------------+------------------------------------+
|        |2.1                |Upgrade to later release with fixes.|
+--------+-------------------+------------------------------------+

+-------------------------------------------------------+
|                 Malware Analysis (MA)                 |
+--------+-------------------+--------------------------+
|  CVE   |Affected Version(s)|Remediation               |
+--------+-------------------+--------------------------+
|All CVEs|4.2                |Not available at this time|
+--------+-------------------+--------------------------+

+-----------------------------------------------------------------+
|                       Security Analytics                        |
+--------+-------------------+------------------------------------+
|  CVE   |Affected Version(s)|Remediation                         |
+--------+-------------------+------------------------------------+
|        |8.0                |Not vulnerable, fixed in 8.0.1.     |
|        +-------------------+------------------------------------+
|        |7.3                |Upgrade to 7.3.3.                   |
|All CVEs+-------------------+------------------------------------+
|        |7.2                |Upgrade to later release with fixes.|
|        +-------------------+------------------------------------+
|        |7.1                |Upgrade to later release with fixes.|
+--------+-------------------+------------------------------------+

+-----------------------------------------------------------------+
|                          X-Series XOS                           |
+--------+-------------------+------------------------------------+
|  CVE   |Affected Version(s)|Remediation                         |
+--------+-------------------+------------------------------------+
|        |11.0               |Not available at this time          |
|        +-------------------+------------------------------------+
|All CVEs|10.0               |Upgrade to later release with fixes.|
|        +-------------------+------------------------------------+
|        |9.7                |Upgrade to later release with fixes.|
+--------+-------------------+------------------------------------+

Additional Product Information

Content Analysis (CA) is only vulnerable when configured with on-box sandboxing.

Security Analytics is only vulnerable when an administrator user executes malicious code on the appliance.

X-Series XOS is only vulnerable when an administrator user accesses the XOS diagnostics functionality and executes malicious code on the appliance. The NPM-8620 (standalone and in X20 chassis), NPM-8650, and NPM-9600 platforms are not affected.
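The exposure rule the advisory applies to these appliances is that Meltdown and Spectre need attacker code already running locally, so a product that gives administrators no way to execute arbitrary code is treated as not vulnerable. For the products that run as userspace applications on customer-provided hosts, the equivalent question is whether the host kernel carries mitigations for the three CVEs. On Linux 4.15 and later the kernel reports that through /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not part of the Symantec or AusCERT text: it maps the kernel's spectre_v1, spectre_v2 and meltdown entries onto the advisory's CVE numbers and classifies each as mitigated, vulnerable, not affected or unknown. The directory, file names and the "Not affected" / "Mitigation:" / "Vulnerable" prefixes are the kernel's real interface; the SAMPLE_* contents are constructed, and the function names are this example's own.

```python
"""Classify a Linux host's Meltdown/Spectre mitigation status per CVE.

Added example, not part of the Symantec or AusCERT advisory text.  The
sysfs directory and file names, and the "Not affected" / "Mitigation:" /
"Vulnerable" prefixes, are the kernel's real interface (Linux 4.15 and
later).  The SAMPLE_* dictionaries are constructed for offline use.
"""
import os
from dataclasses import dataclass
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Kernel file name -> CVE covered by SYMSA1426.
ENTRY_TO_CVE = {
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
    "meltdown": "CVE-2017-5754",
}

# Constructed sample contents, not captured from a real host.
SAMPLE_PATCHED = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling",
    "meltdown": "Mitigation: PTI",
}
SAMPLE_UNPATCHED = {
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Retpoline without IBPB",
    "meltdown": "Vulnerable",
}


@dataclass
class Status:
    cve: str
    entry: str
    state: str   # "mitigated", "vulnerable", "not_affected" or "unknown"
    detail: str  # raw kernel string ("" if the file was absent)


def classify(value: str) -> str:
    """Reduce a kernel status string to one of four states.

    The kernel prints a fixed prefix: "Not affected", "Mitigation: <what>",
    "Vulnerable" (optionally ": <why>") or, on some entries, "Unknown: ..."
    when a hypervisor hides the answer.  An empty string means the file was
    absent, i.e. a kernel too old to report (pre-4.15) or a non-Linux host.
    """
    v = value.strip()
    if v.startswith("Not affected"):
        return "not_affected"
    if v.startswith("Mitigation:"):
        return "mitigated"
    if v.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_sysfs(directory: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the three entries; a missing file yields "" rather than an error."""
    values = {}
    for entry in ENTRY_TO_CVE:
        try:
            with open(os.path.join(directory, entry)) as fh:
                values[entry] = fh.read().strip()
        except OSError:
            values[entry] = ""
    return values


def assess(values: Dict[str, str]) -> List[Status]:
    """One Status per advisory CVE, in ENTRY_TO_CVE order."""
    return [
        Status(cve, entry, classify(values.get(entry, "")), values.get(entry, ""))
        for entry, cve in ENTRY_TO_CVE.items()
    ]


def host_exposed(statuses: List[Status]) -> bool:
    """Treat "unknown" as exposed: an unreported state is not a mitigation."""
    return any(s.state in ("vulnerable", "unknown") for s in statuses)


def report(statuses: List[Status]) -> List[str]:
    """Human-readable lines, one per CVE, followed by a one-line verdict."""
    lines = [f"{s.cve:<14} {s.entry:<11} {s.state:<13} {s.detail or '(not reported)'}"
             for s in statuses]
    lines.append("host exposed" if host_exposed(statuses)
                 else "all three CVEs mitigated or not applicable")
    return lines


if __name__ == "__main__":
    # Live check on this host; every entry comes back "unknown" on non-Linux.
    print("\n".join(report(assess(read_sysfs()))))
```

Inside a virtual machine this only shows the guest kernel's view. The guest-to-hypervisor case the advisory describes for Spectre variant 2 depends on the host's microcode, firmware and hypervisor, which a guest cannot inspect from sysfs, so a clean result in a guest does not settle that question.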
The following products use affected CPU chipsets, but do not allow administrators to execute arbitrary code and are not vulnerable to known vectors of attack:

Advanced Secure Gateway
CacheFlow (CF5000-CX and CF5000-MX platforms are not affected by Meltdown)
Content Analysis 1.3
Director
Mail Threat Defense
Management Center
Norman Shark Industrial Control System Protection
PacketShaper
PacketShaper S-Series
PolicyCenter S-Series
ProxyAV
ProxySG (SG300, SG600, and SG9000 platforms are not affected by Meltdown)
Reporter 10.1
SSL Visibility

The following products run as userspace applications on customer-provided hardware platforms and operating systems. The vulnerabilities addressed in this security advisory are not present in our applications, but these applications can be targeted by an attacker if the underlying hardware platforms and operating systems are vulnerable:

Android Mobile Agent
AuthConnector
BCAAA
Client Connector
Cloud Data Protection for Salesforce
Cloud Data Protection for Salesforce Analytics
Cloud Data Protection for ServiceNow
Cloud Data Protection for Oracle CRM On Demand
Cloud Data Protection for Oracle Field Service Cloud
Cloud Data Protection for Oracle Sales Cloud
Cloud Data Protection Integration Server
Cloud Data Protection Communication Server
Cloud Data Protection Policy Builder
General Auth Connector Login Application
HSM Agent for the Luna SP
IntelligenceCenter
IntelligenceCenter Data Collector
K9
PolicyCenter
ProxyClient
ProxyAV ConLog and ConLogXP
Reporter 9.5
Unified Agent

Issues

+--------------------------------------------------------------------------------------------+
| CVE-2017-5715 (Spectre variant 2)                                                          |
+-----------+--------------------------------------------------------------------------------+
|Severity / |Medium / 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N)                                       |
| CVSSv2    |                                                                                |
+-----------+--------------------------------------------------------------------------------+
|References |SecurityFocus: BID 102376 / NVD: CVE-2017-5715                                  |
+-----------+--------------------------------------------------------------------------------+
| Impact    |Information disclosure                                                          |
+-----------+--------------------------------------------------------------------------------+
|           |Spectre variant 2 exploits an information disclosure vulnerability in CPU       |
|           |chipsets that support speculative execution through branch prediction. A        |
|           |malicious userspace application can obtain unauthorized access to sensitive     |
|Description|data from the memory space of the same or a different userspace application by  |
|           |accessing data left uncleared in the CPU cache after speculatively executed CPU |
|           |instructions loaded due to a mispredicted branch target. The attack may also    |
|           |allow malicious code running as a guest in a virtual machine to obtain          |
|           |unauthorized access to sensitive data from the VM hypervisor memory.            |
+-----------+--------------------------------------------------------------------------------+

+--------------------------------------------------------------------------------------------+
| CVE-2017-5753 (Spectre variant 1)                                                          |
+-----------+--------------------------------------------------------------------------------+
|Severity / |Medium / 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N)                                       |
| CVSSv2    |                                                                                |
+-----------+--------------------------------------------------------------------------------+
|References |SecurityFocus: BID 102371 / NVD: CVE-2017-5753                                  |
+-----------+--------------------------------------------------------------------------------+
| Impact    |Information disclosure                                                          |
+-----------+--------------------------------------------------------------------------------+
|           |Spectre variant 1 exploits an information disclosure vulnerability in CPU       |
|           |chipsets that support speculative execution through branch prediction. A        |
|Description|malicious userspace application can obtain unauthorized access to sensitive     |
|           |data from the memory space of the same or a different userspace application by  |
|           |accessing data left uncleared in the CPU cache after speculatively executed CPU |
|           |instructions loaded due to an incorrect branch prediction.                      |
+-----------+--------------------------------------------------------------------------------+

+--------------------------------------------------------------------------------------------+
| CVE-2017-5754 (Meltdown)                                                                   |
+-----------+--------------------------------------------------------------------------------+
|Severity / |Medium / 4.7 (AV:L/AC:M/Au:N/C:C/I:N/A:N)                                       |
| CVSSv2    |                                                                                |
+-----------+--------------------------------------------------------------------------------+
|References |SecurityFocus: BID 102378 / NVD: CVE-2017-5754                                  |
+-----------+--------------------------------------------------------------------------------+
| Impact    |Information disclosure                                                          |
+-----------+--------------------------------------------------------------------------------+
|           |The Meltdown attack exploits an information disclosure vulnerability in CPU     |
|           |chipsets that support out-of-order execution. It allows a malicious userspace   |
|           |application to access sensitive information from the kernel memory spaces or    |
|           |from the memory spaces of another userspace application. If a userspace         |
|Description|application attempts to access a memory location reserved for the operating     |
|           |system, the system triggers an exception. A CPU chipset supporting out-of-order |
|           |execution may fetch sensitive data and store it in the CPU cache before         |
|           |detecting the exception. The data remains uncleared in the CPU cache, where a   |
|           |malicious userspace application can access it via side-channel analysis.        |
+-----------+--------------------------------------------------------------------------------+

References

Meltdown and Spectre - https://meltdownattack.com/
CERT Vulnerability Note VU#584653 - https://www.kb.cert.org/vuls/id/584653

Revisions

2019-01-21 A fix for Security Analytics 7.3 is available in 7.3.3. Security Analytics 8.0 is not vulnerable because a fix is available in 8.0.1.
2018-04-25 A fix for XOS 9.7 will not be provided. Please upgrade to a later version with the vulnerability fixes.
2018-04-22 CA 2.3 is vulnerable.
2018-04-01 All hardware platforms are affected unless specified otherwise in the Affected Products section.
2018-01-09 PolicyCenter (non S-Series) and Reporter 9.5 run as userspace applications on customer-provided hardware platforms and operating systems. The vulnerabilities addressed in this security advisory are not present in these applications, but they can be targeted by an attacker if the underlying hardware platforms and operating systems are vulnerable.
2018-01-08 initial public release

Legacy ID
SA161

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice contained in this
security bulletin is the responsibility of each user or organisation, and
should be considered in accordance with your organisation's site policies
and procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
=========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXPcwAGaOgq3Tt24GAQh9Dw/+IWejBfLIstXWZ/lyN7t9MhFENCp1tlfC iKb6nPxfO42g9d+IEgGwvYA2oCi0xGMKGR/BHWlVPYpCMUIlUWU0Lad12tD8MT2X R49L9pmo3Z9tgRulLQW9/AbRI2Mog+V88ZrnRd47crFP2YrbpzLiowmOAB/uNfSd tXtAljovG8E5v6HIbmUHV/YalOfitPLvUrqSLZKEPAq47D4SUwgOlI8e8gpCgxGM XQws1uvKhT0naHi5d0UX+rW8zheUTyG2IFEYHN6z/TLIoNA3764VHqC7Cf3bwjZt 4P99WAv/v+3LNXKvOVyzsHPg83rjrVgLD4U5vnUAh1Du2z7oM50hvtM/VPOIQKiO TQaUYyqQAEXOagjXKTTn7gKt3SttGnAVZ9HveFVZsPuqV8fFr5e4ijN1ORi8WtTd pRDWVr949d931c0nRbJDtlpaSzfKEP0nP+DAFiGkGVbPer0YSq/81pcq3/+VwVeV MrFhmnr4HiOHduqJaJYBOgMlWrJhpuQOQWPpUduyW24G4Ezcxi0pnkVjczNdAejK ChuYbIzmTeOWhThl4bj1Dvve8oDH2iY3POS2yu+TB9rQTjhkKKE0ySVIDwHzj93b BrOpzsNgOfJCV6DkQlWOdf3c9n0tsfKTRdGCKl/iHS3Lftsp9uGx0CEsLtCP/nfw CYh85aEr96A= =p3oT -----END PGP SIGNATURE-----