McAfee Network DLP Hotfix voor GHOST

McAfee Network DLP Hotfix voor GHOST

DearBytesNieuwsProduct updatesMcAfee Network DLP Hotfix voor GHOST

network-dlpIntel Security heeft Hotfix 1045663_47280 uitgebracht voor McAfee Network Data Loss Prevention 9.3.3. De hotfix lost drie kwetsbaarheden op in de software, waaronder de GHOST kwetsbaarheid.

Officiële aankondiging hotfix 1045663_47280

Three vulnerabilities in Network DLP have been discovered and resolved.

AFFECTED PRODUCT VERSIONS

  • 9.3.3
  • 9.3.2 and earlier

PROTECTED VERSIONS
These product versions are NOT affected:

  • 9.3.3 with Hotfix 1045663_47280

IMPACT

  • CVE-2008-5161 (CVSS: 2.9; Severity: Low) is a server-side vulnerability that remote attackers can easily recover certain plaintext data from an arbitrary block of cipher text in an SSH session via unknown vectors.
  • CVE-2014-4877 (CVSS: 6.6; Severity: Medium) is an absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
  • CVE-2015-235 (CVSS: 7.8; Severity: High) is a vulnerability that is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the target system without having any prior knowledge of system credentials

RECOMMENDATION
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see McAfee KnowledgeBase article SB10106, McAfee Data Loss Prevention addresses 2 security issues. (https://kc.mcafee.com/corporate/index?page=content&id=SB10106)

Also see McAfee KnowledgeBase article SB10100, GHOST Vulnerability (https://kc.mcafee.com/corporate/index?page=content&id=SB10100)