===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0111
        CVE-2016-10229 fixed in McAfee Network Data Loss Prevention
                                10 May 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Network Data Loss Prevention
Operating System:     Network Appliance
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-10229
Member content until: Saturday, June 9 2018
Reference:            ASB-2017.0032
                      ESB-2017.2807
                      ESB-2017.1179

OVERVIEW

        A vulnerability has been addressed in McAfee Network Data Loss
        Prevention 9.3.4. [1]


IMPACT

        McAfee has provided the following details:

        "CVE-2016-10229
        The Network DLP 9.3.x kernel is vulnerable to remote attackers to
        execute arbitrary code via UDP traffic that triggers an unsafe
        second checksum calculation during execution of a recv system call
        with the MSG_PEEK flag.
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229

        Affected Network DLP components:

          * McAfee DLP Manager
          * McAfee DLP Monitor
          * McAfee DLP iPrevent
          * McAfee DLP iDiscover" [1]


MITIGATION

        McAfee recommends users apply DLP Endpoint Hotfix
        1219856-40906-9.3.4.200-01 on affected systems. [1]

        Also recommended:

        "Workaround

        McAfee strongly recommends that you configure system and network
        access controls to the below best practices:

          * Change the default root password of the system to a strong,
            un-guessable password.
          * Place the Network DLP Management console only on a trusted
            network.
          * Give accounts on Network DLP systems only to personnel with a
            "need-to-know".
          * Apply network restrictions such that only Network DLP Appliances
            can communicate with Network DLP Managers.
          * Use only a single network interface card (NIC) for inter-system
            communications.
          * Present management functions only on a single NIC. Configure the
            management NIC to accept connections only from a trusted,
            restricted network." [1]


REFERENCES

        [1] McAfee Security Bulletin - Network Data Loss Prevention 9.3.4.x
            update fixes CVE-2016-10229
            https://kc.mcafee.com/corporate/index?page=content&id=SB10235

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================