Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2013.0021
A vulnerability has been identified in McAfee VirusScan
Enterprise and McAfee Host Intrusion Prevention
14 February 2013
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: McAfee VirusScan Enterprise
McAfee Host Intrusion Prevention
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
Member content until: Saturday, March 16 2013
Reference: https://kc.mcafee.com/corporate/index?page=content&id=SB10034
OVERVIEW
A vulnerability in a shared component of McAfee VirusScan and McAfee
Host Intrusion Prevention system has been identified. The following
software is affected:
"VirusScan Enterprise (VSE) 8.8 Patch 1
VSE 8.8 Patch 2 (when updating from VSE 8.7 Patch 5 OR VSE 8.8 Patch 1)
VSE 8.7 Patch 5
Host Intrusion Prevention (Host IPS) 8.0 Patch 1 and Patch 2 (when
updating from Patch 1)" [1]
IMPACT
The vendor has provided the following information:
"A vulnerability was discovered in a shared component used by VSE and
Host IPS that allows for unauthorized privilege escalation. The
attacker must be an authenticated user to exploit this flaw.
McAfee considers this to be a high priority vulnerability and should
be patched soon.
Hotfixes have been created for each of these products to address this
vulnerability." [1]
MITIGATION
McAfee has released hotfixes for the different versions affected by
this vulnerability.
Product Patch / Hotfix
VSE 8.8 Patch 2 and HF805660
VSE 8.7 Patch 5 (release 2) and HF792686
Host IPS 8.0 Patch 2 and HF791162
REFERENCES
[1] McAfee Security Bulletin - VirusScan Enterprise and Host Intrusion
Prevention update fixes a privilege escalation vulnerability
https://kc.mcafee.com/corporate/index?page=content&id=SB10034
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBURxBiu4yVqjM2NGpAQLrjg//fImy1jNMxXXU10FAdxQGJ9/WsC/fb9Pa
eZBNX1O3BEZzrBbZ06+PM2xxR6ybx56Gyv9WpUeYgab9685X8si7fJI1wLxHIp5Y
VSgHtsoPzWyvBzRAo5TEMxAVFMP8JqzuFcS3CPragh3c4uOEyqZZq07MpJ3hUU+s
7M0E5fMyawRNDuGxVhXmtPKw1GJW6jhDyuCGuhcbwcfqcBwJcTZJ85IVZUh92qwv
raP5wWlI3TMbKY+g+48JtirAJKxRfEsHeaeCRocQJdAwSLpo0MH3KVP8ankjDnxA
C27cSV8dJwX0Istvt27/lPPGuedUxMDoPc1KSnxA70neD0Kw9wd0B3OaOer6bucA
FtpV3xUzOFbgulxDE2T+1lVcph/22odKGfpboR/AlavmjfrI7RZhOr/42AEVKXHK
F/xBCbmSkR/LDfNU4kpV2OoZwfstq7s3Wrd1wGbLyS7vfUKAm1JrfMXNiCL0fwAG
qp6oebJxn6sVCxNddCpV5tac2o+FeTwTpS5LthTZMZc6BTLjaj6ksz+xzFLevGCB
5vaDfpKmYjg13VSTCcNKOlkqmQfSUOUCYrMCJTNq5DELySBBEMRDiJzf9Cf17UIH
pu0A+wynp8fE1bVlES32I7uQnsTChctSN/V8dypSS2SHTLc4TMAG0VQmtG6UKasH
RRbz9UKxg6E=
=5RZE
-----END PGP SIGNATURE-----