===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0126
    Multiple vulnerabilities have been identified in McAfee Web Gateway
                               28 July 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Web Gateway
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Root Compromise                 -- Existing Account      
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-1000368 CVE-2017-1000366 CVE-2017-1000364
                      CVE-2012-6706  
Member content until: Sunday, August 27 2017
Reference:            ESB-2017.1673
                      ESB-2017.1656
                      ESB-2017.1652

OVERVIEW

        Multiple vulnerabilities have been identified in McAfee Web Gateway:
        CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and 
        CVE-2017-1000368. [1]


IMPACT

        McAfee has provided the following information concerning the 
        vulnerabilities:
        
        "CVE-2012-6706: A VMSF_DELTA memory corruption was discovered in 
        unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection 
        Engine before 3.37.2 and other products, that can lead to arbitrary
        code execution. An integer overflow can be caused in 
        DataSize+CurChannel. The result is a negative value of the "DestPos"
        variable, which allows the attacker to write out of bounds when 
        setting Mem[DestPos]. 
        https://nvd.nist.gov/vuln/detail/CVE-2012-6706
        
        CVE-2017-1000364: An issue was discovered in the size of the stack 
        guard page on Linux, specifically a 4k stack guard page is not 
        sufficiently large and can be "jumped" over (the stack guard page is
        bypassed). This affects Linux Kernel versions 4.11.5 and earlier 
        (the stackguard page was introduced in 2010). 
        https://nvd.nist.gov/vuln/detail/CVE-2017-1000364
        
        CVE-2017-1000366: glibc contains a vulnerability that allows 
        specially crafted LD_LIBRARY_PATH values to manipulate the 
        heap/stack, causing them to alias, potentially resulting in 
        arbitrary code execution. Please note that additional hardening 
        changes have been made to glibc to prevent manipulation of stack and
        heap memory but these issues are not directly exploitable, as such 
        they have not been given a CVE. This affects glibc 2.25 and earlier.
        https://nvd.nist.gov/vuln/detail/CVE-2017-1000366
        
        CVE-2017-1000368: Todd Miller's sudo version 1.8.20p1 and earlier is
        vulnerable to an input validation (embedded newlines) in the 
        get_process_ttyname() function resulting in information disclosure 
        and command execution. 
        https://nvd.nist.gov/vuln/detail/CVE-2017-1000368" [1]
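
        The arithmetic described for CVE-2012-6706 above, as an added
        example that is not part of the McAfee or AusCERT text and is not
        unrar's code: a simplified delta filter using the advisory's names
        (DataSize, CurChannel, DestPos, Mem) that validates the sizes before
        any index is formed. The memory layout, MEM_SIZE and the function
        names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MEM_SIZE 16u  /* assumed (tiny) filter memory window for the demo */

/* Constructed sample: 4 source bytes, output area follows them. */
static uint8_t sample_mem[MEM_SIZE] = {1, 2, 3, 4};

/* Value DestPos takes when DataSize+CurChannel is evaluated in 32 bits.
   Done via uint32_t because signed overflow is undefined behaviour in C;
   the final conversion wraps on two's-complement targets. */
static int32_t wrapped_dest_pos(int32_t data_size, int32_t cur_channel)
{
    return (int32_t)((uint32_t)data_size + (uint32_t)cur_channel);
}

/* Delta-decode mem[0..DataSize) into mem[DataSize..2*DataSize).
   Returns 0 on success, -1 when the untrusted sizes are rejected. */
static int delta_filter_checked(uint8_t *mem, size_t mem_size,
                                int32_t data_size, int32_t channels)
{
    /* Validate before any index is formed from untrusted values. */
    if (data_size <= 0 || channels <= 0 || channels > data_size)
        return -1;
    if ((size_t)data_size > mem_size / 2)
        return -1;

    size_t border = (size_t)data_size * 2, src = 0;
    for (size_t ch = 0; ch < (size_t)channels; ch++) {
        uint8_t prev = 0;
        /* dest is unsigned and bounded by border <= mem_size */
        for (size_t dest = (size_t)data_size + ch; dest < border;
             dest += (size_t)channels) {
            prev = (uint8_t)(prev - mem[src++]);
            mem[dest] = prev;
        }
    }
    return 0;
}

int main(void)
{
    printf("wrapped DestPos: %d\n", (int)wrapped_dest_pos(INT32_MAX, 1));
    printf("hostile sizes:   %d\n",
           delta_filter_checked(sample_mem, MEM_SIZE, INT32_MAX, 2));
    printf("valid sizes:     %d\n",
           delta_filter_checked(sample_mem, MEM_SIZE, 4, 2));
    return 0;
}
```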


MITIGATION

        The vendor recommends upgrading to the latest versions of
        McAfee Web Gateway. [1]


REFERENCES

        [1] McAfee Security Bulletin - Web Gateway update fixes vulnerabilities
            CVE-2012-6706, CVE-2017-1000364, CVE-2017-1000366, and
            CVE-2017-1000368
            https://kc.mcafee.com/corporate/index?page=content&id=SB10205

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================