ASB-2019.0010 - [Win][Linux][Virtual] McAfee Web Gateway: Multiple vulnerabilities 2019-01-11


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0010
 Multiple vulnerabilities have been identified in McAfee Web Gateway (MWG)
                              11 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Web Gateway
Operating System:     Windows
                      Linux variants
                      Virtualisation
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-3581 CVE-2018-12327 CVE-2018-11784
                      CVE-2018-7170  
Member content until: Sunday, February 10 2019
Reference:            ASB-2018.0096
                      ESB-2018.3271
                      ESB-2018.3239
                      ESB-2018.3049
                      ESB-2018.0679

OVERVIEW

        Multiple vulnerabilities have been identified in McAfee Web Gateway 
        (MWG) in versions prior to 7.7.2.19, 7.8.2.5 and 8.0.2. [1]


IMPACT

        Details of the vulnerabilities can be found below:
        
        "CVE-2019-3581: An unauthenticated user can cause a denial of 
        service attack against the proxy component of McAfee Web Gateway. 
        NOTE: The following link was not yet populated with CVE details at 
        the time of publication of this Security Bulletin. 
        https://nvd.nist.gov/vuln/detail/CVE-2019-3581
        
        CVE-2018-11784: When the default servlet in Apache Tomcat returned a
        redirect to a directory (for example, redirecting to '/foo/' when 
        the user requested '/foo') a specially crafted URL could be used to
        cause the redirect to be generated to any URI of the attacker's 
        choice. 
        https://nvd.nist.gov/vuln/detail/CVE-2018-11784
        
        CVE-2018-12327: The ntpq and ntpdc command-line utilities that are 
        part of the ntp package are vulnerable to stack-based buffer 
        overflow via crafted hostname. Applications using these vulnerable 
        utilities with an untrusted input may be potentially exploited, 
        resulting in a crash or arbitrary code execution under privileges of
        that application. 
        https://nvd.nist.gov/vuln/detail/CVE-2018-12327
        
        CVE-2018-7170: A flaw was found in ntpd making it vulnerable to 
        Sybil attacks. An authenticated attacker could target systems 
        configured to use a trusted key in certain configurations and to 
        create an arbitrary number of associations and subsequently modify a
        victim's clock. 
        https://nvd.nist.gov/vuln/detail/CVE-2018-7170" [1]


MITIGATION

        McAfee recommends installing or updating to the following versions:
        McAfee Web Gateway (MWG) 7.7.2.19
        MWG 7.8.2.5 (Main Release)
        MWG 8.0.2 (Controlled Release) [1]
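
        An added example, not part of the AusCERT or McAfee text: a
        check of an appliance inventory against the fixed versions listed
        above. It assumes each fixed version covers the release branch
        sharing its first two components; the hostnames and sample
        versions are constructed.

```python
# Added example: triage MWG versions against the fixed releases in this bulletin.
# Assumption: a fixed version applies to the branch with the same first two
# components (7.7.x, 7.8.x, 8.0.x). Hostnames below are constructed.
import re

FIXED = {(7, 7): (7, 7, 2, 19), (7, 8): (7, 8, 2, 5), (8, 0): (8, 0, 2)}


def parse(version):
    """Turn '7.8.2.5' into (7, 8, 2, 5); reject anything that is not dotted digits."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in text.split("."))


def pad(v, width=4):
    """Right-pad with zeros so that 8.0.2 and 8.0.2.0 compare equal."""
    return v + (0,) * (width - len(v))


def status(version):
    v = parse(version)
    branch = v[:2]
    if branch in FIXED:
        return "affected" if pad(v) < pad(FIXED[branch]) else "fixed"
    if branch < min(FIXED):
        return "affected"    # older than every fixed release
    return "not-listed"      # a branch this bulletin does not mention


def triage(inventory):
    """Map host -> status; strings that do not parse need a manual look."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = status(version)
        except ValueError:
            report[host] = "unparsed"
    return report


# Constructed sample inventory.
SAMPLE = {"mwg-a": "7.7.2.18", "mwg-b": "7.8.2.5", "mwg-c": "8.0.1",
          "mwg-d": "7.6.2", "mwg-e": "8.0.2", "mwg-f": "unknown"}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host}: {result}")
```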


REFERENCES

        [1] McAfee Security Bulletin - Web Gateway updates fix four
            vulnerabilities (CVE-2019-3581, CVE-2018-11784, CVE-2018-12327, and
            CVE-2018-7170)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10264

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----
