McAfee Security Bulletin - Data Loss Prevention hotfix resolves two security issues
Security Bulletins ID:   SB10106
Last Modified:  11/5/2018


Summary

 Who Should Read This Document:  Technical and Security Personnel
 Impact of Vulnerability:  Unauthorized disclosure of information
 Unauthorized disclosure of information; Unauthorized modification; Disruption of service.
 CVE Numbers:  CVE-2008-5161
 CVE-2014-4877
 CERT/CC and Other Numbers:  None
 Severity Rating:  Low to High
 Base / Overall CVSS Scores:  2.6/2.1
 9.3/7.7
 Recommendations:  Apply Hotfix 1045663_47280 to Network Data Loss Prevention 9.3.3.
 Security Bulletin Replacement:  None
 Caveats:  None
 Affected Software:  Network Data Loss Prevention 9.3.3
 Location of Updated Software:  http://www.mcafee.com/us/downloads/downloads.aspx

Description

This bulletin outlines several product vulnerabilities according to McAfee’s Security Policy. McAfee strives to be transparent with our customers about potential security issues in McAfee products.
 
This release resolves the two Network Data Loss Prevention (NDLP) issues below:
 
CVE # / McAfee ID        Vulnerability           CVSS Base / Temporal Score
CVE-2008-5161/1044805    OpenSSH Vulnerability   2.6/2.1
CVE-2014-4877/1038219    Wget Vulnerability      9.3/7.7
 
Typically, the NDLP Management Console is deployed on a trusted network and will have access granted only on an as-needed basis. Data Loss Prevention tools are typically among an organization’s most sensitive systems and should be restricted as such. Before updating the software with the fixes, customers are advised to configure typical system and network access controls (see the Workaround section below).
 
When access to NDLP is restricted appropriately, these vulnerabilities pose a reduced security risk from insider threats.
 
Affected Components:
McAfee NDLP:
  • McAfee DLP Manager
  • McAfee DLP Monitor
  • McAfee DLP iPrevent
  • McAfee DLP iDiscover
NOTE: McAfee DLP Endpoint (DLPe) is not affected by these issues.
 
These issues are resolved in McAfee NDLP version 9.3.3 and corresponding hotfix releases on February 27, 2015.

Remediation

The issues are resolved in NDLP 9.3.3 and corresponding hotfixes. Go to the McAfee Downloads site and download the applicable product hotfix file:
 
CVE/McAfee ID          Product  Type    Major Version  Hotfix Number         Hotfix File Name             Release Date
CVE-2014-4877/1038219  NDLP     Hotfix  9.3.3          Hotfix_1045663_47280  hotfix_1045663_47280.tar.gz  February 27, 2015
CVE-2008-5161/1044805  NDLP     Hotfix  9.3.3          Hotfix_1045663_47280  hotfix_1045663_47280.tar.gz  February 27, 2015

NDLP 9.3.3 Download Instructions
  1. Launch Internet Explorer.
  2. Navigate to: http://www.mcafee.com/us/downloads/downloads.aspx.
  3. Provide your valid McAfee Grant Number.
  4. Select the product and click View Available Downloads.
  5. Click McAfee Data Loss Prevention.
  6. Click the link to download the product file under Download on the Software Downloads screen.
For instructions on how to download McAfee products, documentation, security updates, patches, or hotfixes, see: KB56057.

For instructions on how to install/upgrade this hotfix/patch, please review the Release Notes and the Installation Guide (which you can download from the Documentation tab) following the same steps above.

Workaround

Before upgrading to NDLP 9.3.3, McAfee strongly recommends that you configure system and network access controls according to the best practices below:
  • Change the default root password of the system to a strong, un-guessable password.
  • Place the NDLP Management Console only on a trusted network.
  • Give accounts on NDLP systems only to personnel with a "need to know".
  • Place network restrictions such that only NDLP Monitors can communicate with NDLP Managers.
  • Use only a single network interface (NIC) for inter-system communications.
  • Present management functions only on a single NIC. The management NIC should accept connections only from a trusted, restricted network.

Mitigations

None

Acknowledgements

McAfee credits ANZ Bank for reporting these flaws.

Support

Corporate Technical Support:
1-800-338-8754
http://www.mcafee.com/us/about/contact-us.aspx#ht=tab-techsupport 

Frequently Asked Questions (FAQs)

What is affected by this security vulnerability?
McAfee NDLP is affected.

Affected Versions:

  • NDLP 9.3.3
  • NDLP 9.3.2 and earlier
Protected Versions:
  • NDLP 9.3.3 (with hotfix)
  • NDLP 9.3.4 and later
McAfee recommends that all customers verify that they have applied the latest updates.

What issues does this hotfix/patch address?
See the issues listed in the table above. The 6 digit number prefixes are McAfee’s internal tracking IDs.

Does this vulnerability affect McAfee enterprise products?
Yes, NDLP is an enterprise product.

How do I know if my McAfee product is vulnerable or not?
For Appliances:
Use the following instructions for Appliance based products:
  1. Open the Administrator's User Interface (UI).
  2. Click the About link. The product version is displayed.

What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score between 0 and 10 that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/
 
What are the CVSS scoring metrics that have been used?
The tables below score each of the issues called out above.

1044805 – OpenSSH Vulnerability

 Base Score 2.6
 Related exploit range (AccessVector) Network Access
 Attack complexity (AccessComplexity) Medium
 Level of authentication needed (Authentication) None
 Confidentiality impact Partial
 Integrity impact None
 Availability impact None
 Temporal Score (Overall) 2.1
 Availability of exploit (Exploitability) Functional
 Type of fix available (RemediationLevel) Official Fix
 Level of verification that vulnerability exists (ReportConfidence) Confirmed

NOTE: CVSS version 2.0 was used to generate this score.
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=%28AV:N/AC:H/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C%29#score

OpenSSH 4.7p1, and possibly other versions, is vulnerable when a block cipher algorithm is used in Cipher Block Chaining (CBC) mode. Remote attackers can use this vulnerability to easily recover certain plaintext data from an arbitrary block of ciphertext in an SSH session via unknown vectors.

This vulnerability is addressed by giving preference to CTR-mode ciphers over CBC-mode ciphers.
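
One way to verify the CTR-over-CBC preference described above, as an added example that is not McAfee's code. It assumes the preference is expressed through the Ciphers directive of an sshd_config-style file (the bulletin does not say where the hotfix sets it); the sample configuration is constructed.

```bash
#!/usr/bin/env bash
# Added example: classify the cipher order of an sshd_config-style file.

# Print the list from the first "Ciphers" directive (OpenSSH uses the first
# value it obtains for a keyword); commented-out lines never match.
ciphers_from_config() {
  awk 'tolower($1) == "ciphers" { print $2; exit }' "$1"
}

# Classify a comma-separated cipher list:
#   ctr-preferred  every CTR cipher is listed ahead of every CBC cipher
#   cbc-preferred  at least one CBC cipher is listed ahead of a CTR cipher
#   cbc-only       CBC ciphers are offered with no CTR alternative
#   no-cbc         no CBC cipher is offered at all
classify_cipher_order() {
  local list="$1" seen_cbc=0 seen_ctr=0 cbc_first=0 c
  local IFS=,
  for c in $list; do
    case "$c" in
      *-ctr) seen_ctr=1; if [ "$seen_cbc" -eq 1 ]; then cbc_first=1; fi ;;
      *-cbc|*-cbc@*) seen_cbc=1 ;;
    esac
  done
  if [ "$seen_cbc" -eq 0 ]; then echo no-cbc
  elif [ "$seen_ctr" -eq 0 ]; then echo cbc-only
  elif [ "$cbc_first" -eq 1 ]; then echo cbc-preferred
  else echo ctr-preferred
  fi
}

# "unset" means no explicit Ciphers line: the build's default order applies.
audit_sshd_ciphers() {
  local list
  list=$(ciphers_from_config "$1")
  if [ -z "$list" ]; then echo unset; else classify_cipher_order "$list"; fi
}

# Constructed sample configuration (not taken from an NDLP appliance).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Ciphers aes128-cbc,3des-cbc
Port 22
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
EOF
echo "sample: $(audit_sshd_ciphers "$sample")"
rm -f "$sample"
```

In SSH key exchange the negotiated cipher is the first entry in the client's list that the server also supports, so run classify_cipher_order on client cipher lists as well. A server result of no-cbc is the only one that does not depend on the client's order.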

1038219 – Wget Vulnerability

 Base Score 9.3
 Related exploit range (AccessVector) Network Access
 Attack complexity (AccessComplexity) Medium
 Level of authentication needed (Authentication) None
 Confidentiality impact Complete
 Integrity impact Complete
 Availability impact None
 Temporal Score (Overall) 7.7
 Availability of exploit (Exploitability) Functional
 Type of fix available (RemediationLevel) Official fix
 Level of verification that vulnerability exists (ReportConfidence) Confirmed

NOTE: CVSS version 2.0 was used to generate this score.
https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=%28AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C%29

Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.

This vulnerability is addressed by setting retr-symlinks=on in the wgetrc file.
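
An added check (not part of the bulletin or the hotfix) that reports the effective retr-symlinks setting across one or more wgetrc files. The file paths are supplied by the caller and the sample content is constructed; the parsing follows wget's wgetrc handling, where command names ignore case, hyphens and underscores and a later assignment replaces an earlier one.

```bash
#!/usr/bin/env bash
# Added example: report the effective retr_symlinks setting in wgetrc files.

# Usage: effective_retr_symlinks FILE...   (in the order wget would read them)
# Prints on, off, invalid or unset. wgetrc command names ignore case, "-"
# and "_", and a later assignment replaces an earlier one.
effective_retr_symlinks() {
  local f
  for f in "$@"; do
    # Unreadable or missing files are skipped; the echo guards against a
    # final line that lacks a newline.
    if [ -r "$f" ]; then cat "$f"; echo; fi
  done | awk -F= '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    {
      name = tolower($1); gsub(/[-_ \t]/, "", name)
      if (name != "retrsymlinks") next
      val = tolower($2); gsub(/[ \t\r]/, "", val)
      if (val == "on" || val == "yes" || val == "1") state = "on"
      else if (val == "off" || val == "no" || val == "0") state = "off"
      else state = "invalid"                   # flag for manual review
    }
    END { print (state == "" ? "unset" : state) }'
}

# Succeeds only when the setting named in the bulletin is in effect.
retr_symlinks_enabled() {
  [ "$(effective_retr_symlinks "$@")" = on ]
}

# Constructed sample wgetrc (not taken from an NDLP appliance).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# retr-symlinks=off
tries = 3
Retr_Symlinks = on
EOF
if retr_symlinks_enabled "$sample"; then
  echo "retr-symlinks: on"
else
  echo "retr-symlinks: $(effective_retr_symlinks "$sample")"
fi
rm -f "$sample"
```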

What has McAfee done to resolve these issues?
McAfee has released a version update to address these security flaws.

Where do I download the fix?
You can download the fix from: http://www.mcafee.com/us/downloads/downloads.aspx.
Users will need to provide their McAfee Grant Number to initiate the download.

How does McAfee respond to this and any other security flaws?
McAfee’s key priority is the security of our customers. In the event that a vulnerability is found within any of McAfee’s software, we work closely with the relevant security research group to ensure rapid and effective development of a fix and communication plan.

McAfee only publishes product vulnerability bulletins together with an actionable workaround, hotfix, patch, or version update; otherwise we would simply be informing the hacker community that our products are a target, putting our customers at greater risk. 

McAfee may publish lists of known vulnerable and not vulnerable products if the product vulnerability is already generally known publicly, but no actionable workaround is ready yet.
 
Where can I find a list of all Security Bulletins?
To view all published Security Bulletins, visit the McAfee ServicePortal at https://mysupport.mcafee.com, click Knowledge Center, and select Security Bulletins in the left navigation pane under Content Source. Alternatively, you can use this link: https://support.mcafee.com/ServicePortal/faces/knowledgecenter?s=true&lang=en-us&sm=false&tab=SCtdl&facets=Security+Bulletin@INQUIRA_TYPE&sb=mostViewed&sbv=numberofviews%3Anumberdecreasing&scps=q.
 
If you know the Security Bulletin ID, use the following link after replacing the example Security Bulletin ID (SB10071) with the Security Bulletin ID you are searching for: https://kc.mcafee.com/corporate/index?page=content&id=SB10071.
 
How do I report a product vulnerability?
If you have information about a security issue or vulnerability with a McAfee product, please visit our product security website at: http://www.mcafee.com/us/threat-center/product-security-bulletins.aspx#=tab-vulnerability.

Resources

For contact details: Go to http://www.mcafee.com/us/about/contact/index.html. Non-US customers - select your country from the list of Worldwide Offices.

Alternatively:
Log into the McAfee Technical Support ServicePortal at https://mysupport.mcafee.com:
  • If you are a registered user, type your User ID and Password and click Log In.
  • If you are not a registered user, click Register and complete the required fields. Your password and login instructions will be emailed to you.
To download McAfee products, updates, and documentation, visit the Downloads page at http://www.mcafee.com/us/downloads/downloads.aspx. For instructions on downloading, see KB56057.

To download new Beta software or to read about the latest Beta information, go to http://www.mcafee.com/us/downloads/beta-programs/index.aspx.

To submit Beta feedback on any McAfee product, email: mcafee_beta@mcafee.com.

For copyright, trademark attributions, and license information, go to http://us.mcafee.com/root/aboutUs.asp?id=copyright.

For patents protecting this product, see your product documentation.

Disclaimer

The information provided in this security bulletin is provided as is without warranty of any kind. McAfee disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall McAfee or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits, or special damages, even if McAfee or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Any future product release dates mentioned in this bulletin are intended to outline our general product direction and they should not be relied on in making a purchasing decision. The product release dates are for information purposes only, and may not be incorporated into any contract. The product release dates are not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at our sole discretion and may be changed or cancelled at any time.
