Loading...

Knowledge Center


EWS 5.6 and MEG 7.x response to Bash Shellshock Code Injection Exploits (CVE-2014-6271 and CVE-2014-7169)
Technical Articles ID:   KB83006
Last Modified:  3/1/2017

Environment

McAfee Email Gateway (MEG) 7.x
McAfee Email and Web Security 5.6

Problem

Is MEG 7.x at risk from the following Bash Shellshock Code Injection Exploits Vulnerabilities?
  • CVE-2014-6271
  • CVE-2014-7169
  • CVE-2014-7186
  • CVE-2014-7187
  • CVE-2014-6277
  • CVE-2014-6278
NOTE: For full information on these vulnerabilities and remediation for all McAfee products see SB10085.

Solution

MEG 7.6:
These vulnerabilities are addressed in the following hotfix and patch.
 
Hotfix: 7.6h1010246
 
{MEG76P3.EN_US}
 
IMPORTANT: 7.6.2h1010246 requires a minimum installed version of 7.6.2, but will apply on post-7.6.2 hotfixes and 7.6.3 RTS releases.
 
{GENPA.EN_US}

Solution

MEG 7.5:
These vulnerabilities are addressed in the following hotfix and patch.
 
Hotfix:7.5h1010253
 
{MEG755.EN_US}
 
IMPORTANT: 7.5.4h1010253 requires a minimum installed version of 7.5.4, but will apply on post-7.5.4 hotfixes.
 

Solution

MEG 7.0.x:
These vulnerabilities are addressed in the following hotfix:
MEG-7.0.5h1010264
 
EWS 5.6:
These vulnerabilities are addressed in the following hotfix:
 EWS-5.6h1010267

Rate this document

Did this article resolve your issue?

Please provide any comments below

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.