
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0060
McAfee Security Bulletin - Threat Intelligence Exchange Server 2.3.1 update
         fixes Linux kernel, OpenSSH, and OpenSSL vulnerabilities
                             18 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Threat Intelligence Exchange Server
Operating System:     Linux variants
                      Virtualisation
Impact/Access:        Access Privileged Data   -- Existing Account      
                      Denial of Service        -- Remote/Unauthenticated
                      Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-15919 CVE-2018-15473 CVE-2018-5407
                      CVE-2018-5391 CVE-2018-0732 
Member content until: Wednesday, March 20 2019
Reference:            ASB-2019.0041
                      ASB-2019.0031
                      ASB-2019.0030
                      ESB-2018.3474
                      ESB-2018.3380
                      ESB-2018.3377
                      ESB-2018.3374
                      ESB-2018.1758

OVERVIEW

        Multiple vulnerabilities have been identified in McAfee
        Threat Intelligence Exchange Server.


IMPACT

        Details of the vulnerabilities can be found below:
        
        "CVE-2018-5391:
        The Linux kernel, versions 3.9+, is vulnerable to a denial of service
        attack with low rates of specially modified packets targeting IP fragment
        re-assembly. An attacker may cause a denial of service condition by sending
        specially crafted IP fragments.
        https://nvd.nist.gov/vuln/detail/CVE-2018-5391
        
        CVE-2018-15473:
        OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not
        delaying bailout for an invalid authenticating user until after the packet
        containing the request has been fully parsed, related to auth2-gss.c,
        auth2-hostbased.c, and auth2-pubkey.c.
        https://nvd.nist.gov/vuln/detail/CVE-2018-15473
        
        CVE-2018-15919:
        Remotely observable behavior in auth-gss2.c in OpenSSH through 7.8 could be
        used by remote attackers to detect existence of users on a target system
        when GSS2 is in use.
        https://nvd.nist.gov/vuln/detail/CVE-2018-15919
        
        CVE-2018-0732:
        During key agreement in a TLS handshake using a DH(E) based ciphersuite, a
        malicious server can send a very large prime value to the client. This will
        cause the client to spend an unreasonably long period of time generating a
        key for this prime resulting in a hang until the client has finished. This
        could be exploited in a Denial Of Service attack.
        https://nvd.nist.gov/vuln/detail/CVE-2018-0732
        
        CVE-2018-5407:
        OpenSSL ECC scalar multiplication, used in, for example, ECDSA and ECDH,
        has been shown to be vulnerable to a microarchitecture timing side channel
        attack. An attacker with sufficient access to mount local timing attacks
        during ECDSA signature generation could recover the private key.
        https://www.openssl.org/news/vulnerabilities.html#2018-0734
        https://nvd.nist.gov/vuln/detail/CVE-2018-5407" [1]
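
        The client-side size check relevant to the CVE-2018-0732 description
        above, as an added example that is not part of the AusCERT or McAfee
        text: it parses the ServerDHParams portion of a TLS ServerKeyExchange
        and rejects an oversized prime before any key generation is attempted.
        Function names are hypothetical, the sample parameters are constructed
        (not real primes), and the default cap mirrors OpenSSL's
        OPENSSL_DH_MAX_MODULUS_BITS.

```python
import struct

# Default cap mirrors OpenSSL's OPENSSL_DH_MAX_MODULUS_BITS (10000); a TLS
# opaque<1..2^16-1> field can otherwise carry a prime of up to 524280 bits.
MAX_DH_PRIME_BITS = 10000

class DHParamError(ValueError):
    """Raised when ServerDHParams are malformed or outside policy."""

def _read_vec16(buf, off):
    """Read one 16-bit length-prefixed vector; return (bytes, next_offset)."""
    if off + 2 > len(buf):
        raise DHParamError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise DHParamError("vector length outside message")
    return buf[off:off + n], off + n

def check_server_dh_params(body, max_bits=MAX_DH_PRIME_BITS):
    """Validate dh_p, dh_g, dh_Ys before any modular exponentiation.
    Trailing bytes (the signature) are ignored. Returns bit length of dh_p."""
    p_raw, off = _read_vec16(body, 0)
    g_raw, off = _read_vec16(body, off)
    ys_raw, off = _read_vec16(body, off)
    p, g, ys = (int.from_bytes(v, "big") for v in (p_raw, g_raw, ys_raw))
    bits = p.bit_length()
    if bits > max_bits:  # bound the prime before spending time on a key
        raise DHParamError(f"dh_p is {bits} bits, cap is {max_bits}")
    if p % 2 == 0 or not (1 < g < p - 1) or not (1 < ys < p - 1):
        raise DHParamError("dh_p/dh_g/dh_Ys outside valid range")
    return bits

def accepts(body, max_bits=MAX_DH_PRIME_BITS):
    """True if the parameters pass, False if the handshake should abort."""
    try:
        check_server_dh_params(body, max_bits)
        return True
    except DHParamError:
        return False

def encode_params(p, g, ys):
    """Build a ServerDHParams body (used here for constructed samples)."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed samples: odd integers of the stated size, not real primes.
NORMAL = encode_params((1 << 2047) | 1, 2, 5)
OVERSIZED = encode_params((1 << 16383) | 1, 2, 5)
```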


MITIGATION

        McAfee recommends installing or updating to the following versions:
        
        "TIE Server 2.3.1" [1]


REFERENCES

        [1] Threat Intelligence Exchange Server 2.3.1 update fixes Linux
            kernel, OpenSSH, and OpenSSL vulnerabilities
            https://kc.mcafee.com/corporate/index?page=content&id=SB10269

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================