Loading...

Knowledge Center


TIE Server response to CVE-2017-6874 (not vulnerable)
Technical Articles ID:   KB89031
Last Modified:  10/23/2018

Environment

McAfee Threat Intelligence Exchange Server (TIE) 2.0, 1.x

Summary

This article describes a potential vulnerability of the TIE Server that would allow local users to cause a denial of service (use-after-free and system crash), or possibly have unspecified other effects via crafted system calls that leverage certain decrement behavior; this behavior causes incorrect interaction between put_ucounts and get_ucounts.

Cause

This vulnerability is caused by a race condition in the kernel source file kernel.c or ucount.c.

Solution

Engineering has determined that TIE Server is not vulnerable.  

McAfee Linux is not affected because the affected kernel source code was not added until after kernel 4.4 (MLOS2 uses 3.18),  and MLOS3 uses 4.4. RedHat and Debian have also confirmed that their kernel is not affected.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.