Loading...

Knowledge Center


EWS 5.6 and MEG 7.x response to Bash Shellshock Code Injection Exploits (CVE-2014-6271 and CVE-2014-7169)
Technical Articles ID:   KB83006
Last Modified:  3/1/2017

Environment

McAfee Email Gateway (MEG) 7.x
McAfee Email and Web Security 5.6

Problem

Is MEG 7.x at risk from the following Bash Shellshock Code Injection Exploits Vulnerabilities?
  • CVE-2014-6271
  • CVE-2014-7169
  • CVE-2014-7186
  • CVE-2014-7187
  • CVE-2014-6277
  • CVE-2014-6278
NOTE: For full information on these vulnerabilities and remediation for all McAfee products see SB10085.

Solution

MEG 7.6:
These vulnerabilities are addressed in the following hotfix and patch.
 
Hotfix: 7.6h1010246
 
{MEG76P3.EN_US}
 
IMPORTANT: 7.6.2h1010246 requires a minimum installed version of 7.6.2, but will apply on post-7.6.2 hotfixes and 7.6.3 RTS releases.
 
{GENPA.EN_US}

Solution

MEG 7.5:
These vulnerabilities are addressed in the following hotfix and patch.
 
Hotfix:7.5h1010253
 
{MEG755.EN_US}
 
IMPORTANT: 7.5.4h1010253 requires a minimum installed version of 7.5.4, but will apply on post-7.5.4 hotfixes.
 

Solution

MEG 7.0.x:
These vulnerabilities are addressed in the following hotfix:
MEG-7.0.5h1010264
 
EWS 5.6:
These vulnerabilities are addressed in the following hotfix:
 EWS-5.6h1010267

Disclaimer

The content of this article originated in English. If there are differences between the English content and its translation, the English content is always the most accurate. Some of this content has been provided using Machine Translation translated by Microsoft.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.