===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0081
     McAfee Security Bulletin - Web Gateway update fixes several
                       third-party vulnerabilities
                               15 March 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Web Gateway
Operating System:     Virtualisation
                      Windows
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Denial of Service               -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2018-1000301 CVE-2018-1000122 CVE-2018-1000121
                      CVE-2018-1000120 CVE-2018-1000007 CVE-2018-18311
                      CVE-2018-16865 CVE-2018-16864 CVE-2018-11237
                      CVE-2018-11236 CVE-2018-10897 CVE-2018-6485
                      CVE-2018-4463 CVE-2018-1061 CVE-2018-1060
                      CVE-2018-0494 CVE-2017-16997 CVE-2016-4463
Member content until: Sunday, April 14 2019
Reference:            ESB-2018.3767
                      ESB-2018.3388
                      ESB-2018.3371
                      ESB-2018.3370
                      ESB-2018.3389.2

OVERVIEW

        McAfee has updated McAfee Web Gateway to address vulnerabilities in
        several third-party components. [1]


IMPACT

        The vendor has provided the following information:

        "1. CVE-2018-16864: An allocation of memory without limits, that
        could result in the stack clashing with another memory region, was
        discovered in systemd-journald when a program with long command
        line arguments calls syslog. A local attacker may use this flaw to
        crash systemd-journald or escalate privileges.
        https://nvd.nist.gov/vuln/detail/CVE-2018-16864

        2. CVE-2018-16865: An allocation of memory without limits, that
        could result in the stack clashing with another memory region, was
        discovered in systemd-journald when many entries are sent to the
        journal socket. A local attacker, or a remote one if
        systemd-journal-remote is used, may use this flaw to crash
        systemd-journald or execute code with journald privileges.
        https://nvd.nist.gov/vuln/detail/CVE-2018-16865

        3. CVE-2018-10897: A directory traversal issue was found in
        reposync, a part of yum-utils, where reposync fails to sanitize
        paths in remote repository configuration files. If an attacker
        controls a repository, they may be able to copy files outside of
        the destination directory on the targeted system via path
        traversal.
        https://nvd.nist.gov/vuln/detail/CVE-2018-10897

        4. CVE-2018-6485: An integer overflow in the implementation of the
        posix_memalign in memalign functions in the GNU C Library (aka
        glibc or libc6) 2.26 and earlier could cause these functions to
        return a pointer to a heap area that is too small, potentially
        leading to heap corruption. The packet update fixes other CVEs
        that are not exploitable (CVE-2017-16997, CVE-2018-11236, and
        CVE-2018-11237).
        https://nvd.nist.gov/vuln/detail/CVE-2018-6485

        5. CVE-2016-4463: A stack exhaustion flaw was found in the way
        Xerces-C XML parser handled deeply nested DTDs. An attacker could
        potentially use this flaw to crash an application.
        https://nvd.nist.gov/vuln/detail/CVE-2018-4463

        6. CVE-2018-0494: A cookie injection flaw was found in wget. An
        attacker can create a malicious website which, when accessed,
        overrides cookies belonging to arbitrary domains.
        https://nvd.nist.gov/vuln/detail/CVE-2018-0494

        7. CVE-2018-18311: Perl before 5.26.3 and 5.28.x before 5.28.1 has
        a buffer overflow via a crafted regular expression that triggers
        invalid write operations.
        https://nvd.nist.gov/vuln/detail/CVE-2018-18311

        8. Other updated third-party libraries

        The curl package was updated to cover 5 vulnerabilities
        (CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121,
        CVE-2018-1000122, and CVE-2018-1000301). The highest CVSS3 score
        among these is 6.5.

        The python package was updated to cover 2 vulnerabilities
        (CVE-2018-1060 and CVE-2018-1061). The highest CVSS3 score among
        these is 6.5." [1]


MITIGATION

        McAfee advises updating to Web Gateway version 7.7.2.20, 7.8.2.7
        or 8.1 to address these vulnerabilities. [1]


REFERENCES

        [1] McAfee Security Bulletin - Web Gateway update fixes several
            third-party vulnerabilities (CVE-2018-16864, CVE-2018-16865,
            CVE-2018-10897, CVE-2018-6485, CVE-2016-4463, CVE-2018-0494,
            and CVE-2018-18311) (SB10276)
            https://kc.mcafee.com/corporate/index?page=content&id=SB10276

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================