ASB-2019.0081 - [Win][Linux][Virtual] McAfee Web Gateway: Multiple vulnerabilities 2019-03-15

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0081
        McAfee Security Bulletin - Web Gateway update fixes several
                        third-party vulnerabilities
                               15 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Web Gateway
Operating System:     Virtualisation
                      Windows
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Denial of Service               -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-1000301 CVE-2018-1000122 CVE-2018-1000121
                      CVE-2018-1000120 CVE-2018-1000007 CVE-2018-18311
                      CVE-2018-16865 CVE-2018-16864 CVE-2018-11237
                      CVE-2018-11236 CVE-2018-10897 CVE-2018-6485
                      CVE-2018-4463 CVE-2018-1061 CVE-2018-1060
                      CVE-2018-0494 CVE-2017-16997 CVE-2016-4463
Member content until: Sunday, April 14 2019
Reference:            ESB-2018.3767
                      ESB-2018.3388
                      ESB-2018.3371
                      ESB-2018.3370
                      ESB-2018.3389.2

OVERVIEW

        McAfee has updated McAfee Web Gateway to address vulnerabilities
        in several third-party components. [1]


IMPACT

        The vendor has provided the following information:
        
        " 1. CVE-2018-16864:
            An allocation of memory without limits, that could result in the stack
            clashing with another memory region, was discovered in systemd-journald
            when a program with long command line arguments calls syslog. A local
            attacker may use this flaw to crash systemd-journald or escalate
            privileges.
            https://nvd.nist.gov/vuln/detail/CVE-2018-16864
         2. CVE-2018-16865:
            An allocation of memory without limits, that could result in the stack
            clashing with another memory region, was discovered in systemd-journald
            when many entries are sent to the journal socket. A local attacker, or a
            remote one if systemd-journal-remote is used, may use this flaw to crash
            systemd-journald or execute code with journald privileges.
            https://nvd.nist.gov/vuln/detail/CVE-2018-16865
         3. CVE-2018-10897:
            A directory traversal issue was found in reposync, a part of yum-utils,
            where reposync fails to sanitize paths in remote repository configuration
            files. If an attacker controls a repository, they may be able to copy files
            outside of the destination directory on the targeted system via path
            traversal.
            https://nvd.nist.gov/vuln/detail/CVE-2018-10897
         4. CVE-2018-6485:
            An integer overflow in the implementation of the posix_memalign in memalign
            functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could
            cause these functions to return a pointer to a heap area that is too small,
            potentially leading to heap corruption. The packet update fixes other CVEs
            that are not exploitable (CVE-2017-16997, CVE-2018-11236, and
            CVE-2018-11237).
            https://nvd.nist.gov/vuln/detail/CVE-2018-6485
         5. CVE-2016-4463:
            A stack exhaustion flaw was found in the way Xerces-C XML parser handled
            deeply nested DTDs. An attacker could potentially use this flaw to crash an
            application.
            https://nvd.nist.gov/vuln/detail/CVE-2018-4463
         6. CVE-2018-0494:
            A cookie injection flaw was found in wget. An attacker can create a
            malicious website which, when accessed, overrides cookies belonging to
            arbitrary domains.
            https://nvd.nist.gov/vuln/detail/CVE-2018-0494
         7. CVE-2018-18311:
            Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a
            crafted regular expression that triggers invalid write operations.
            https://nvd.nist.gov/vuln/detail/CVE-2018-18311
         8. Other updated third-party libraries
            The curl package was updated to cover 5 vulnerabilities (CVE-2018-1000007,
            CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, and
            CVE-2018-1000301). The highest CVSS3 score among these is 6.5.
        
            The python package was updated to cover 2 vulnerabilities (CVE-2018-1060
            and CVE-2018-1061). The highest CVSS3 score among these is 6.5." [1]


MITIGATION

        McAfee advises updating to Web Gateway version 7.7.2.20,
        7.8.2.7 or 8.1 to address these vulnerabilities. [1]


REFERENCES

        [1] McAfee Security Bulletin - Web Gateway update fixes several
            third-party vulnerabilities (CVE-2018-16864, CVE-2018-16865,
            CVE-2018-10897, CVE-2018-6485, CVE-2016-4463, CVE-2018-0494, and
            CVE-2018-18311) (SB10276)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10276

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXIrCvWaOgq3Tt24GAQireA//SV8crtbAtGU3IO1c92BWb1BRtkjBl+SH
5mLmJMZkFrBQbDXY7rLMio/S89UtpJMRMQgfiKrJWStS9Iazue0krRQTFRN/Kano
Iakm2v/ye/qrbQj71wkJZJGq+UcpGh5e9+5tDF8iGeLbYrL+enOs/xmTbWQQ4vg6
n0PqGovbcogtWIQXph0M/YesfJ5v6/hqyLVqIk+PKbPJLszjGjrXnP7nEi9667bL
yWAQdnoivSueeEFZjzpeJShcgAvr/5xBKDChAa7TDViRHK1XfdSdIg9ttCYGjeuQ
1ZYlLIphW1XL+lBbpt3X8RBHAzi+Xp6s4LbAPZ98c0/7aVPhDRX7SBvq2kW5tSGd
c8qrKJS5Mz3d+WSdygE3U4sAwC+6f6xwq43AxR5zdCwSkmtYqufIh0lzkeByUOSq
Lk5T1CqFf2otNS3PdODm7yyty9VSdFavCJDZgmk8NlGppYab3bf0GGnFwtUlhynA
LYvQLTSBDEAqjay8jKSYdyQzmG+HWCYxwelIf5E6sBnOzrW7WSizZCA6l9RGDzLQ
0leUS/1YFvI2tjOr+Nvdz4PBU7Er7qmu/+Ptbhz+DySd62S3LaRMMG74KL9wWCSg
tenr8oWcgCoVNkPP5Qu3kvld0n0me5AHExkththRB3SYZVYBEHpOViLYAKKt2cla
yI3ezAFVaEA=
=ZMeU
-----END PGP SIGNATURE-----

« Back to bulletins