Loading...

Knowledge Center


McAfee Security Bulletin: Fourteen OpenSSL CVEs Announced on March 19, 2015
Security Bulletins ID:   SB10110
Last Modified:  4/6/2017
Rated:


Summary

 Impact of Vulnerability: Cryptographic Issue (CWE-310)
Input Validation (CWE-20)
Code (CWE-17)
Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119)
NULL Pointer Dereference (CWE-476)
CVE Information
CVE Numbers Severity Rating Base CVSS v2 Scores Affected Products
CVE-2015-0204 Medium 5.0 Cloud Server 5 / CS Rest 
Endpoint Intelligence Agent (EIA)
McAfee Email Gateway (MEG)
McAfee Quarantine Manager (MQM)
McAfee Web Gateway (MWG)
Network Threat Behavior Analysis (NTBA)
Rogue System Detection (RSD)
Security as a Service (SaaS)
Security Information and Event Management (SIEM)
CVE-2015-0207 Medium 5.0 None
CVE-2015-0208 Medium 4.3 None
CVE-2015-0209 Medium 6.8 RSD
CVE-2015-0285 Medium 4.3 None
CVE-2015-0286 Medium 5.0 ePO Deep Command (EDC)
ePolicy Orchestrator (ePO)
GTI Proxy 2.0 (EOL)
McAfee Agent (MA)
McAfee Asset Manager (MAM)
MEG
MQM
McAfee Vulnerability Manager (MVM)
MWG
Network Data Loss Prevention (NDLP)
NTBA
RSD
SaaS
SIEM
VirusScan Enterprise for Linux (VSEL)
CVE-2015-0287 Medium 5.0 MAM
NTBA
RSD
VSEL
CVE-2015-0288 Medium 5.0 ePO
CVE-2015-0289 Medium 5.0 MAM
NTBA
RSD
VSEL
CVE-2015-0290 Medium 5.0 None
CVE-2015-0291 Medium 5.0 None
CVE-2015-0292 High 7.5 EDC
MAM
MQM
NDLP
RSD
SIEM
CVE-2015-0293 Low 2.9 MQM
NTBA
RSD
CVE-2015-1787 Low 2.6 None
Base / Overall CVSS v3 Scores: Not Available
 Recommendations: Deploy applicable remediation signatures/rules first.  
Deploy product updates as they are made available.
 Security Bulletin Replacement: None
 Affected Software: See the McAfee Product Vulnerability Status lists below
 Location of Updated Software: http://www.mcafee.com/us/downloads/downloads.aspx

{GENSUB.EN_US}
Article contents:
 

Description

You can find the complete contents of the OpenSSL Organization’s OpenSSL Product Security Advisory at https://www.openssl.org/news/secadv_20150319.txt.
 
 
CVE-2015-0204
Reclassified: RSA silently downgrades to EXPORT_RSA [Client]
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0204

CVE-2015-0207
Segmentation fault in DTLSv1_listen
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0207

CVE-2015-0208
Segmentation fault for invalid PSS parameters
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0208

CVE-2015-0209
Use after free following d2i_ECPrivatekey error
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0209

CVE-2015-0285
Handshake with unseeded PRNG
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0285

CVE-2015-0286
Segmentation fault in ASN1_TYPE_cmp
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0286

CVE-2015-0287
ASN.1 structure reuse memory corruption
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0287

CVE-2015-0288
X509_to_X509_REQ NULL pointer deref
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0288

CVE-2015-0289
PKCS7 NULL pointer dereferences
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0289

CVE-2015-0290
Multiblock corrupted pointer
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0290

CVE-2015-0291
OpenSSL 1.0.2 ClientHello signals DoS
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0291
 
 
CVE-2015-0293
DoS via reachable assert in SSLv2 servers
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0293
 
CVE-2015-1787
Empty CKE with client auth and DHE
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1787
 
 
McAfee Product Vulnerability Status
Investigation into all McAfee products is ongoing. This security bulletin will be updated as additional information is available. Not every version of the "Vulnerable and Updated" products are vulnerable. See the Product Specific Notes section below for details.
 
Vulnerable and Updated
  1. Advanced Threat Defense (ATD)
  2. McAfee Asset Manager (MAM)
  3. McAfee Security Information and Event Management (SIEM)
  4. ePO Deep Command (EDC)
  5. ePolicy Orchestrator (ePO)
  6. Global Threat Intelligence Proxy 2.0 (GTI) (EOL)
  7. McAfee Email Gateway (MEG)
  8. McAfee Web Gateway (MWG)
  9. Rogue System Detection 5.0.1 (RSD) [part of MAM]
  10. VirusScan Enterprise for Linux (VSEL)
Vulnerable and Not Yet Updated
  1. Cloud Server 5 / CS Rest
  2. Endpoint Intelligence Agent (EIA)
  3. McAfee Agent (MA)
  4. MQM McAfee Quarantine Manager (MQM)
  5. McAfee Vulnerability Manager (MVM)
  6. Network Data Loss Prevention (NDLP)
  7. Network Threat Behavior Analysis (NTBA)
  8. SaaS Account Management (SaaSAM)
  9. SaaS Email Archiving (SEA)
  10. SaaS Email Protection and Continuity (SaaS Email)
For a description of each product, see: http://www.mcafee.com/us/apps/products-az.aspx.

Remediation

Go to the Product Downloads site and download the applicable product patch/hotfix file:
 
Product Type Patch Version File Name Release Date
ATD  Patch 3.4.4.63.45665   April 2, 2015
Asset Manager (MAM) 6.6 Hotfix Hotfix 7 Mam_hotfix_pack7.sh June 23, 2015
ePO Deep Command (EDC) 2.2 Hotfix   HF1055847 April 21, 2015
ePO Hotfix Hotfix 4.6.x and 5.x EPOHF1052048.zip April 9, 2015
GTI Proxy 2.0 Patch GTI Proxy Patch 6   July 15, 2015
MEG Patch 7.6.401   September 23, 2015
MWG 7.5.1.1 Patch 7.5.1.1   March 27, 2015
MWG 7.4.2.8 Patch 7.4.2.8   March 27, 2015
NGFW 5.7.9 Maintenance Release 5.7.9   April 1, 2015
NGFW 5.5.14 Maintenance Release 5.5.14   April 1, 2015
RSD 5.0.1 Hotfix Hotfix 1 RSDSensorPackage_5.0.1.60.zip April 1, 2015
SIEM 9.3.2 Maintenance Release 9.3.2MR18 APM_Update_9.3.2.signed.tgz
DBM_Update_9.3.2.signed.tgz
ESSREC_Update_9.3.2.signed.tgz
ESS_Update_9.3.2.signed.tgz
IPS_Update_9.3.2.signed.tgz
RECEIVER_Update_9.3.2.signed.tgz
September 11, 2015
SIEM 9.4.2 Maintenance Release 9.4.2MR7 APM_Update_9.4.2.signed.tgz
DBM_Update_9.4.2.signed.tgz
ESSREC_Update_9.4.2.signed.tgz
ESS_Update_9.4.2.signed.tgz
IPS_Update_9.4.2.signed.tgz
RECEIVER_Update_9.4.2.signed.tgz
April 24, 2015
SIEM 9.5.0 Maintenance Release 9.5.0MR4 APM_Update_9.5.0MR4.signed.tgz
DBM_Update_9.5.0MR4.signed.tgz
ESSREC_Update_9.5.0MR4.signed.tgz
ESS_Update_9.5.0MR4.signed.tgz
IPS_Update_9.5.0MR4.signed.tgz
RECEIVER_Update_9.5.0MR4.signed.tgz
May 13, 2015
VSEL Hotfix 1064407 McAfeeVSEForLinux-2.0.2.29099-HF1064407.zip May 21, 2015
 
Product Specific Notes
  • McAfee Agent
    MA version CVE-2015-0286
    4.8.0 Not Vulnerable
    5.0.0 Vulnerable
     
  • McAfee Asset Manager
    RSD 4.7.x is not vulnerable.
     
    MAM 6.6 is vulnerable because the product is packaged with the Debian Squeeze Linux platform. Debian has released a new version of OpenSSL for Squeeze LTS: version 0.9.8o-4squeeze20. The hotfix also resolves CVE-2015-0204 (Freak) and CVE-2015-0288.

    MAM 6.6 Hotfix 5 was originally released on March 23. It has been superseded by Hotfix 7, which includes a rollup of MAM hotfixes 1-6. 
     
  • Network DLP
    CVE-2015-0204 was tested with the OpenSSL_client -connect 172.20.242.237:443 -cipher EXPORT command.
     
  • Rogue System Detection Sensor
    RSD 4.7.x is not vulnerable.
     
  • SIEM
    SIEM version CVE-2015-0204 CVE-2015-0286 CVE-2015-0292
    9.3.2 Patched Patched Patched
    9.4.2 Patched Patched Patched
    9.5.0 Patched Patched Patched
    Patched = The SIEM team has released patches that already address this vulnerability.
Product Download Instructions
  1. Launch Internet Explorer.
  2. Navigate to: http://www.mcafee.com/us/downloads/downloads.aspx.
  3. Provide your valid McAfee Grant Number. *
  4. Click your product suite.
  5. Click the applicable product (see table above) and click I Agree.
  6. Click the Patches tab and click the link to download the product .ZIP file under the Product column.
* NOTE: The Content and Cloud Security portal does not require a Grant Number; however, customers have received login credentials together with their MWG license.

For instructions on how to download products, documentation, security updates, patches, or hotfixes, see: KB56057.

For instructions on how to install/upgrade this hotfix/patch, please review the Release Notes and the Installation Guide (which you can download from the Documentation tab) following the same steps above.

Workaround

None. Install the provided hotfix/patch/version updates.

Mitigations
Vulnerability detection signatures for McAfee Vulnerability Manager (MVM) are updated frequently.

Acknowledgements

These vulnerabilities was first disclosed by the OpenSSL Organization (https://www.openssl.org/news/secadv_20150319.txt) as a Security Advisory.

Frequently Asked Questions (FAQs)

How do I know if my McAfee product is vulnerable or not?

For Endpoint products:
Use the following instructions for endpoint or client based products:
  1. Right-click on the McAfee tray shield icon on the Windows task bar.
  2. Select Open Console.
  3. In the console, select Action Menu.
  4. In the Action Menu, select Product Details. The product version is displayed.
For ePO / Server products:
Use the following instructions for server based products:
  • Check the version and build of ePO that is installed. For more information on how to check the version, see: KB52634.
  • Or, create a query in ePO for the product version of the product installed within your organization.
For Appliances:
Use the following instructions for Appliance based products:
  1. Open the Administrator's User Interface (UI).
  2. Click the About link. The product version is displayed.
What is CVSS?
CVSS, or Common Vulnerability Scoring System, is the result of the National Infrastructure Advisory Council’s effort to standardize a system of assessing the criticality of a vulnerability. This system offers an unbiased criticality score between 0 and 10 that customers can use to judge how critical a vulnerability is and plan accordingly. For more information, please visit the CVSS website at: http://www.first.org/cvss/.

When calculating CVSS v2 scores, McAfee has adopted a philosophy that fosters consistency and repeatability. Our guiding principle for CVSS scoring is to score the exploit under consideration by itself. We consider only the immediate and direct impact of the exploit under consideration. We do not factor into a score any potential follow-on exploits that might be made possible by successful exploitation of the issue being scored.

CVSS v3 scoring is in final review as of March 2015.  CVSS v2 will be replaced with CVSS v3 once v3 is fully approved.
https://www.first.org/cvss/v3/development
https://www.first.org/cvss/calculator/3.0
 
What are the CVSS scoring metrics that have been used?

CVE-2015-0204: RSA silently downgrades to EXPORT_RSA
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-0207: Segmentation fault in DTLSv1_listen  
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-0208: Segmentation fault for invalid PSS parameters  
 
 Base Score 4.3
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Medium (M)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 3.7
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-0209: Use after free following d2i_ECPrivatekey error    
 
 Base Score 6.8
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Medium (M)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact Partial (P)
 Integrity impact Partial (P)
 Availability impact Partial (P)
 Temporal Score (Overall) 5.8
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:C)

CVE-2015-0285: Handshake with unseeded PRNG   
 
 Base Score 4.3
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Medium (M)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact Partial (P)
 Integrity impact None (N)
 Availability impact None (N)
 Temporal Score (Overall) 3.7
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C)

CVE-2015-0286: Segmentation fault in ASN1_TYPE_cmp  
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Functional Exploit Exists (F)
 Type of fix available (RemediationLevel) Temporary Fix (T)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C)

CVE-2015-0287: ASN.1 structure reuse memory corruption  
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Functional Exploit Exists (F)
 Type of fix available (RemediationLevel) Temporary Fix (T)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C)

CVE-2015-0288: X509_to_X509_REQ NULL pointer deref   
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-0289: PKCS7 NULL pointer dereferences 
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Functional Exploit Exists (F)
 Type of fix available (RemediationLevel) Temporary Fix (T)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:TF/RC:C)

CVE-2015-0290: Multiblock corrupted pointer
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-0291: ClientHello signals DoS 

 

 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-0292: Base64 decode  
 
 Base Score 7.5
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact Partial (P)
 Integrity impact Partial (P)
 Availability impact Partial (P)
 Temporal Score (Overall) 6.4
 Availability of exploit (Exploitability) Functional Exploit Exists (F)
 Type of fix available (RemediationLevel) Temporary Fix (T)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:TF/RC:C)

CVE-2015-0293: DoS via reachable assert in SSLv2
 
 Base Score 5.0
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) Low (L)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 4.3
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)

CVE-2015-1787: Empty CKE with client auth and DHE
 
 Base Score 2.6
 Related exploit range (AccessVector) Network (N)
 Attack complexity (AccessComplexity) High (H)
 Level of authentication needed (Authentication) None (N)
 Confidentiality impact None (N)
 Integrity impact None (N)
 Availability impact Partial (P)
 Temporal Score (Overall) 2.2
 Availability of exploit (Exploitability) Unproven that Exploit Exists (U)
 Type of fix available (RemediationLevel) Unavailable (U)
 Level of verification that vulnerability exists (ReportConfidence) Confirmed (C)

NOTE: CVSS version 2.0 was used to generate this score.
http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:C)


Where can I find a list of all security bulletins or how do I report a product vulnerability?
To find a list of all security bulletins, or if you have information about a security issue or vulnerability with a McAfee product, please visit our product security website at: http://www.mcafee.com/us/threat-center/product-security-bulletins.aspx.

Resources

{GENAA.EN_US}

Disclaimer

The information provided in this security bulletin is provided as is without warranty of any kind. McAfee disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall McAfee or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits, or special damages, even if McAfee or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
 
Any future product release dates mentioned in this security bulletin are intended to outline our general product direction and they should not be relied on in making a purchasing decision. The product release dates are for information purposes only, and may not be incorporated into any contract. The product release dates are not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at our sole discretion and may be changed or cancelled at any time.

Rate this document

Did this article resolve your issue?

Please provide any comments below

Languages:

This article is available in the following languages:

English United States
Japanese

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms


 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.