===========================================================================
AUSCERT Security Bulletin

ASB-2018.0155
OpenSSL updated in McAfee products
12 July 2018

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              McAfee Email Gateway
                      McAfee Data Loss Prevention Monitor
                      McAfee Data Loss Prevention Prevent
Operating System:     Network Appliance
                      Virtualisation
Impact/Access:        Denial of Service -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-0739
Member content until: Saturday, August 11 2018
Reference:            ASB-2018.0134
                      ESB-2018.1725
                      ESB-2018.1199
                      ESB-2018.0896

OVERVIEW

        A vulnerability has been identified in McAfee Email Gateway, McAfee
        Data Loss Prevention Monitor and McAfee Data Loss Prevention Prevent.
        It stems from the embedded version of OpenSSL. [1]

IMPACT

        The vendor has provided the following information regarding the
        vulnerability:

        "CVE-2018-0739
        Constructed ASN.1 types with a recursive definition (such as can be
        found in PKCS7) could eventually exceed the stack given malicious
        input with excessive recursion. This could result in a Denial Of
        Service attack. There are no such structures used within SSL/TLS
        that come from untrusted sources so this is considered safe.
        https://nvd.nist.gov/vuln/detail/CVE-2018-0739" [1]

MITIGATION

        McAfee advises updating to the latest versions of the affected
        software to address this vulnerability. [1]

REFERENCES

        [1] McAfee Security Bulletin - OpenSSL update for vulnerability
            CVE-2018-0739
            https://kc.mcafee.com/corporate/index?page=content&id=SB10243

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================