Loading...

Knowledge Center


Email Gateway 7.6.x response to CVE-2015-1793 (7.6.400 RTS (Build 3284.111) is Vulnerable)
Technical Articles ID:   KB85242
Last Modified:  4/7/2017

Environment

McAfee Email Gateway (MEG) 7.6.x

Summary

On October 22, 2015, McAfee announced the five year End of Life (EOL) for McAfee Email Gateway (MEG) software and appliances. For details, see KB85857

Problem

CVE-2015-1793 describes an OpenSSL Alternative chains certificate forgery vulnerability.

For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1793

Is Email Gateway (MEG) 7.6.x at risk from CVE-2015-1793?

Solution

 
MEG 7.6.x versions earlier than 7.6.400 RTS are Not Vulnerable to this issue, because these releases do not use the affected OpenSSL version.

IMPORTANT:  MEG 7.6.400 RTS (Build 3284.111) is vulnerable to this issue. 

This issue was resolved in 7.6.400.1 (7.6.400 RTW) and was included in all subsequent 7.6.x releases. MEG 7.6.400.1 and later is therefore not vulnerable to this issue.

McAfee recommends you upgrade to the latest version of MEG 7.6.4xx.

McAfee product software, upgrades, maintenance releases, and documentation are available from the Product Downloads site at: http://www.mcafee.com/us/downloads/downloads.aspx.

NOTE: You need a valid Grant Number for access. KB56057 provides additional information about the Product Downloads site, and alternate locations for some products.

Rate this document

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.