ASB-2018.0307 - [Win][UNIX/Linux] McAfee Agent: Multiple vulnerabilities 2018-12-13


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0307
          Multiple security vulnerabilities fixed in McAfee Agent
                             13 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Agent
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account      
                      Increased Privileges            -- Existing Account      
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-6707 CVE-2018-6706 CVE-2018-6705
                      CVE-2018-6704 CVE-2018-6703 
Member content until: Saturday, January 12 2019

OVERVIEW

        McAfee has published McAfee Agent 5.6.0, which resolves multiple
        security vulnerabilities. [1][2][3]


IMPACT

        McAfee has provided the following information on the vulnerabilities.
        
        "1. CVE-2018-6703: Incorrect memory and handle management
            Use After Free in McAfee Common service in McAfee Agent (MA) 5.0.0 through
            5.0.6, 5.5.0, and 5.5.1 allows remote attackers to cause a denial of service
            (use-after-free) or possibly have unspecified other impact via a crafted TCP
            packet.
            NOTE: The following links were not yet populated with CVE details at the time
            of publication of this Security Bulletin.
            http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6703  
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6703" [1]
        
        "2. CVE-2018-6704: Privilege escalation due to use of insecure temporary files
            Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through
            5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command
            execution via specific conditions.
            NOTE: The following links were not yet populated with CVE details at the time
            of publication of this Security Bulletin.
            http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6704  
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6704" [2]
        
        "3. CVE-2018-6705: Privilege escalation vulnerability
            Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0
            through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary
            command execution via specific conditions.
        
            http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6705  
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6705
             
         4. CVE-2018-6706: Incorrect use of temporary files
            Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0
            through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce
            custom paths during agent installation in Linux via unspecified vectors.
        
            http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6706  
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6706
             
         5. CVE-2018-6707: Insecure usage of temporary files
            Denial of Service through Resource Depletion vulnerability in the agent in
            non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows
            local users to cause DoS, unexpected behavior, or potentially unauthorized
            code execution via knowledge of the internal trust mechanism.
        
            http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6707  
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6707" [3]


MITIGATION

        McAfee advises updating to McAfee Agent 5.6.0 to address these
        vulnerabilities. [1][2][3]
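
        The following is an added example, not part of the AusCERT bulletin or
        the McAfee advisories: it triages an agent inventory against the
        affected releases and the per-CVE platform scope quoted above. The
        inventory format, host names, build numbers, OS labels and the choice
        to ignore a fourth build field are assumptions.

```python
import re

# Affected releases quoted in the bulletin: 5.0.0 through 5.0.6, 5.5.0, 5.5.1.
AFFECTED_RANGES = [((5, 0, 0), (5, 0, 6)), ((5, 5, 0), (5, 5, 1))]
FIXED = (5, 6, 0)  # release the bulletin advises updating to

# Platform scope per CVE, read from the quoted vendor descriptions.
CVE_SCOPE = {
    "CVE-2018-6703": "any",          # no platform restriction stated
    "CVE-2018-6704": "linux",        # "McAfee Agent (MA) for Linux"
    "CVE-2018-6705": "linux",
    "CVE-2018-6706": "non-windows",  # "non-Windows McAfee Agent"
    "CVE-2018-6707": "non-windows",
}

# Constructed sample inventory (host,os,agent version); not real data.
INVENTORY = """\
web01,linux,5.0.6.220
fin-ws7,windows,5.5.1.342
mac-lab3,macos,5.5.0
db02,linux,5.6.0.207
kiosk9,windows,5.0.7
old-srv,linux,garbage
"""

def parse_version(text):
    """Return (major, minor, patch) or None. A fourth build field is ignored (assumption)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    return tuple(int(g) for g in m.groups()) if m else None

def in_scope(scope, os_family):
    if scope == "any":
        return True
    if scope == "linux":
        return os_family == "linux"
    return os_family != "windows"  # "non-windows"

def triage(os_family, version_text):
    """Return (status, cves): affected, fixed, not-listed (review by hand) or unparsed."""
    v = parse_version(version_text)
    if v is None:
        return ("unparsed", [])
    if v >= FIXED:
        return ("fixed", [])
    if not any(lo <= v <= hi for lo, hi in AFFECTED_RANGES):
        return ("not-listed", [])  # the bulletin says nothing about this release
    fam = os_family.strip().lower()
    return ("affected", sorted(c for c, s in CVE_SCOPE.items() if in_scope(s, fam)))

def triage_inventory(text):
    rows = (line.split(",") for line in text.splitlines() if line.strip())
    return {host.strip(): triage(os_family, ver) for host, os_family, ver in rows}
```

        Hosts reported as "not-listed" or "unparsed" need manual review, since
        the bulletin makes no statement about those releases.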


REFERENCES

        [1] McAfee Security Bulletin - McAfee Agent update fixes a use after
            free vulnerability (CVE-2018-6703)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10258

        [2] McAfee Security Bulletin - McAfee Agent for Linux update fixes a
            Privilege Escalation vulnerability (CVE-2018-6704)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10259

        [3] McAfee Security Bulletin - McAfee Agent update fixes multiple low
            severity security issues in non-Windows versions (CVE-2018-6705,
            CVE-2018-6706, and CVE-2018-6707)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10260

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----
