===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0111
        CVE-2016-10229 fixed in McAfee Network Data Loss Prevention
                                10 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Network Data Loss Prevention
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-10229  
Member content until: Saturday, June  9 2018
Reference:            ASB-2017.0032
                      ESB-2017.2807
                      ESB-2017.1179

OVERVIEW

        A vulnerability has been addressed in McAfee Network Data Loss
        Prevention 9.3.4. [1]


IMPACT

        McAfee has provided the following details:
        
        "CVE-2016-10229
        The Network DLP 9.3.x kernel is vulnerable to remote attackers executing
        arbitrary code via UDP traffic that triggers an unsafe second checksum
        calculation during execution of a recv system call with the MSG_PEEK flag.
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229
         
        Affected Network DLP components:
        
          * McAfee DLP Manager
          * McAfee DLP Monitor
          * McAfee DLP iPrevent
          * McAfee DLP iDiscover" [1]


MITIGATION

        McAfee recommends users apply DLP Endpoint
        Hotfix 1219856-40906-9.3.4.200-01 on affected systems. [1]
        
        Also recommended:
        "Workaround
        McAfee strongly recommends that you configure system and network access
        controls to the below best practices:
        
          * Change the default root password of the system to a strong, un-guessable
            password.
          * Place the Network DLP Management console only on a trusted network.
          * Give accounts on Network DLP systems only to personnel with a
            "need-to-know".
          * Apply network restrictions such that only Network DLP Appliances can
            communicate with Network DLP Managers.
          * Use only a single network interface card (NIC) for inter-system
            communications.
          * Present management functions only on a single NIC. Configure the management
            NIC to accept connections only from a trusted, restricted network.
        " [1]


REFERENCES

        [1] McAfee Security Bulletin - Network Data Loss Prevention 9.3.4.x
            update fixes CVE-2016-10229
            https://kc.mcafee.com/corporate/index?page=content&id=SB10235

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================