Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2012.0145 Firewall Enterprise response to CVE-2012-5166 22 October 2012 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: McAfee Firewall Enterprise Operating System: Network Appliance Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2012-5166 Member content until: Wednesday, November 21 2012 Reference: ESB-2012.0974 OVERVIEW McAfee have provided a fix for a BIND vulnerability in McAfee Firewall Enterprise. IMPACT The following information is available on the McAfee site: "If specific combinations of RDATA are loaded into a nameserver, either via cache or an authoritative zone, a subsequent query for a related record will cause named to lock up." [1] MITIGATION The vulnerability is fixed in version 7.0.1.03H06 and will be fixed in versions 8.2.1P06 and 8.3.0P02 however these are not yet released. [1] REFERENCES [1] Firewall Enterprise response to CVE-2012-5166 https://kc.mcafee.com/corporate/index?page=content&id=KB76535 AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUITmGO4yVqjM2NGpAQKyYRAAgZD9mN4l5kevEWO2XwLp90MVfLO0soa/ yLl1Ud1yUSO1SCEf5JByp7sEUGo2xxfX0Zjr4PZDcdYt4NfjV8RGnYbE22JBlj8F BRK9fnNZKL2OqA7jI/qGrGhrcvmVHQVCkNO1shb4jyJKh9qucE7qPE0z2NmzAYFW u16lnO1dMCOXI47WdVmK0f738RBjDWz3g0VGMhBN8uweV0e+mZOVt06ff/1yp04j 0G044zs0+tdCVrJ4U/JSeDiL5k1W34l15HdSC/ASzTWjEjR5kQ033BpoxlLSkOmz DIxnW2PM1aH/YeSSzh10QUYQ89989RwFw5+gkgGBrSReY3xEtW3VmzF2blarWNsQ GnYKkI1fYtTiOE+nL0PWoQ4Ch+nEiMC2t62u44Xhd29y8L+NpPJWEa4kzxzKci/X u5W8Z3KgmZ76fUMtlbZGiXH7cOWCZbV4eWFw7uCP17WGdwkB7MxnO6/l3HdwpgQn 68jILj1vojdHW7iTblTsRNpJUsZ4lUfs4P4fbbtZctYL7jz8qI2G8jPXLcwBBsIW g38bJRu8u7ox00gAeKS7mJ8A20qrODuR2k0bNy/QAzOYs11dkCri6MUb7HszIQpA mEtv0wOc3EjqoZ461ljX47rT8vT9bDD+EjIoSGGD7HoQk1LYHPvf4zPq7qANOdKS OPrh+wgmkNc= =M0Hp -----END PGP SIGNATURE-----