-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2018.0312
  Application and Change Control update fixes Bypass Application Control
                issue with simple DLL or through an ASP.NET
                             21 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Application and Change Control
Operating System:     Linux variants
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Unauthorised Access             -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-6669 CVE-2018-6668 
Member content until: Sunday, January 20 2019

OVERVIEW

        McAfee has addressed multiple vulnerabilities in Application and 
        Change Control before 7.0.1. [1]


IMPACT

        McAfee has provided the following information about the 
        vulnerabilities:
        
        "CVE-2018-6668   
        Bypass Application Control with simple DLL
        A whitelist bypass vulnerability in McAfee Application Control / Change Control
        7.0.1 and before allows execution bypass, for example, with simple DLL trough
        interpreters such as PowerShell.
         
        CVE-2018-6669
        Bypass Application Control through an ASP.NET form
        A whitelist bypass vulnerability in McAfee Application Control / Change Control
        7.0.1 and before allows a remote or local user to execute blacklisted files
        through an ASP.NET form." [1]


MITIGATION

        McAfee advises:
                
        "To remediate this issue, go to the Product Downloads site, and 
        download the applicable product update file:" [1]
        
        +-------+-------+---------+-----------------+
        |Product|Type   |File Name|Release Date     |
        +-------+-------+---------+-----------------+
        |MACC   |Release|8.0.0    |December 16, 2016|
        +-------+-------+---------+-----------------+


REFERENCES

        [1] McAfee Security Bulletin - Application and Change Control update
            fixes Bypass Application Control issue with simple DLL or through
            an ASP.NET (CVE-2018-6668, CVE-2018-6669)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10261

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXBxXd2aOgq3Tt24GAQgOWBAAreI8Kag9HE7tyP0SUDYdBjDRCM1hQVTZ
0Du8pluNMK7t182Ct37/FwZUQGxon1e4zuGubCEYZ4N6kcUqA4L4EBQfrvVElMLG
bjpFNMKvf0zT3cT8OnmnaKCTdjTOXtg86fuSy9wbqh7gjjs42o20/TdZWnkITnEw
ly867ngm8vbYIo8YqCdtswB7d1F8ObsmBj2dtDsvjuvSI7Xch7bX/OoB2rcvtTzH
uQ8QH4sfk1NO7nMw4sQitCFBnF/c/Y2qpbYLf12tz6PtaN9a3NBgmLmNvOYj1wog
C85XDuTC9FKP3XYcCpLB/KrUp22T+qTLi3AqOuvpDjWUMcLa1ZjVadvaku08K31v
ea/dul3upsBCSe+Q3Zao3fHYWz8K0xAX3M7GxcgjXxf9U/5LnlMA9xF++94yaJR2
EhnVirTyPbDcwjUJSa7oyv15i7+5/b1leWUDlZtBDPBDAWWGmOyKJkE5kqweQY1N
RLS8+YQRVakwfihcC+B3ncWkPIIEqUahguA86DzhvMja6KnlYXgJD/s61fIayNrb
HGM8L0TSNv+UrGLW0JvzJeRmAJD0CkI0cIo5yOgBSAaFU6ZiCZybMBbrkG818GPr
vMEqOtBa6UPSPFf79Fw1i0PvbU1FWeDmBN4ALMz4raV3L/1olLS+i+JOeAmKeg4C
10XN1Yb7d2A=
=98qR
-----END PGP SIGNATURE-----