Multiple AV vendor vulns / updates / issues


145 replies to this topic

#136 AplusWebMaster

  • Authentic Member
  • 10,472 posts
  • Interests:... The never-ending battle for Truth, Justice, and the American way.

Posted 22 April 2013 - 08:43 AM

FYI...

McAfee ePolicy Orchestrator - multiple vulns
- https://secunia.com/advisories/53159/
Release Date: 2013-04-22
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
Software: McAfee ePolicy Orchestrator 4.x
CVE Reference(s):
- https://web.nvd.nist...d=CVE-2013-0169 - 2.6
- https://web.nvd.nist...d=CVE-2013-1484 - 10.0 (HIGH)
- https://web.nvd.nist...d=CVE-2013-1485 - 5.0
... weakness and vulnerabilities are reported in versions 4.6.5 and prior.
Solution: Update to version 4.6.6 or 5.0.
Original Advisory: SB10041:
https://kc.mcafee.co...=...&id=SB10041
Last Modified: April 24, 2013

- https://kc.mcafee.co...=...&id=SB10042
Last Modified: April 26, 2013 - "... The remediation plan is to patch the currently supported versions of ePO 4.5 and 4.6 beginning with patch 4.6.6 and 4.5.7..."

- https://web.nvd.nist...d=CVE-2013-0140 - 7.9 (HIGH)
- https://web.nvd.nist...d=CVE-2013-0141 - 4.3

- http://www.kb.cert.org/vuls/id/209131
Last revised: 29 Apr 2013

- http://h-online.com/-1854555
2 May 2013

:ph34r: :ph34r:

Edited by AplusWebMaster, 02 May 2013 - 05:53 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.



#137 AplusWebMaster

Posted 26 July 2013 - 02:43 PM

FYI...

Symantec Web Gateway Security Issues - SYM13-008
- https://www.symantec...uid=20130725_00
July 25, 2013
- http://www.securityt....com/id/1028836
CVE Reference: CVE-2013-1616, CVE-2013-1617, CVE-2013-4670, CVE-2013-4671, CVE-2013-4672, CVE-2013-4673
Jul 26 2013
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 5.1.0 and prior...
Solution: The vendor has issued a fix (5.1.1)...

McAfee ePolicy Orchestrator - updated
- https://kc.mcafee.co...=...&id=KB78824
July 19, 2013
McAfee Network Threat Behavior Analysis...
- http://www.securityt....com/id/1028826
Jul 24 2013
Impact: Root access via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 7.1, 7.5
Solution: The vendor has issued a fix (7.1.3.21, 7.5.3.30).
The vendor's advisory is available at:
- https://kc.mcafee.co...=...&id=SB10045

CA Service Desk Manager - flaw permits Cross-Site Scripting Attacks
- http://www.securityt....com/id/1028835
CVE Reference: CVE-2013-2630
July 26 2013
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): Manager 12.5, 12.6, 12.7
Description: A vulnerability was reported in CA Service Desk Manager. A remote user can conduct cross-site scripting attacks...
Solution: The vendor has issued a fix...
The vendor's advisory is available at:
- http://support.ca.co...6-3D454437AD53}
Platform: Windows, Sun, AIX, Linux
Affected Products: CA Service Desk Manager 12.5, 12.6, 12.7

- https://krebsonsecur...m-heal-thyself/
July 26, 2013

:ph34r: :ph34r:

Edited by AplusWebMaster, 28 July 2013 - 04:56 PM.



#138 AplusWebMaster

Posted 01 August 2013 - 03:45 AM

FYI...

McAfee Artemis/GTI File Reputation False Positive
- https://isc.sans.edu...l?storyid=16264
Last Updated: 2013-07-31 23:06:26 UTC - "... readers reporting false positive issues with McAfee's GTI and Artemis products. According to a knowledgebase article on McAfee's site, it appears that the file reputation system is producing bad results due to a server issue [1]..."

[1] https://kc.mcafee.co...=...&id=KB78993
Artemis false positive detections from Global Threat Intelligence
Last Modified: August 01, 2013 - "... updated as additional information becomes available. Please check back for more information.
Problem: McAfee has determined that Artemis/GTI File Reputation is producing some false-positive detections due to a server issue.
IMPORTANT: This is not an issue with the current McAfee DAT files.
Cause: This issue was caused by specific Global Threat Intelligence servers.
Solution: McAfee is investigating this issue. This article will be updated as additional information becomes available...
IMPORTANT: If you have files that were incorrectly detected, do not restart your systems. This could cause the files to be unrecoverable.
See the following workarounds for instructions to recover from this issue..."

- https://isc.sans.edu... Positive/16264
"... A remediation tool is now available. Customers with quarantined files should access KB78993 ( https://kc.mcafee.co...=...&id=KB78993 ) to download the remediation tool and recover the quarantined files."

:ph34r: :ph34r: :(

Edited by AplusWebMaster, 01 August 2013 - 04:24 AM.



#139 AplusWebMaster

Posted 10 September 2013 - 06:17 AM

FYI...

Sophos Web Appliance - updates
- http://www.sophos.co...ase/119773.aspx
Updated: 9 Sep 2013 - "... resolved with the 3.7.9.1 and 3.8.1.1 releases of the Sophos Web Appliance software..."

- https://isc.sans.edu...l?storyid=16526
Last Updated: 2013-09-09 12:55:06 UTC

- http://www.coresecur...vulnerabilities
2013-09-06

- http://www.securityt....com/id/1028984
CVE Reference:
- https://web.nvd.nist...d=CVE-2013-4983
- https://web.nvd.nist...d=CVE-2013-4984
Sep 6 2013
Impact: Execution of arbitrary code via network, Root access via local system, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 3.7.9 and prior, 3.8.0 and 3.8.1 ...
Solution: The vendor has issued a fix (3.7.9.1, 3.8.1.1).

- http://www.theregist...appliance_vuln/
9 Sep 2013

:ph34r: :ph34r:



#140 AplusWebMaster

Posted 25 October 2013 - 12:10 PM

FYI...

Kaspersky false positive ...
- https://isc.sans.edu...l?storyid=16904
Last Updated: 2013-10-25 17:41:34 UTC - "... Kaspersky AV has identified tcpip.sys as malware on his Windows 7 32bit hosts - the file is flagged as "HEUR:Trojan.Win32.Generic". Fortunately, Microsoft's Windows File Protection feature ( https://support.micr...t.com/kb/222193 ) prevented it from quarantining this critical file... Kaspersky has verified... that this is resolved in their latest update. If you're seeing this issue, get your AV to "phone home" for the fix!"

:ph34r: :ph34r:

Edited by AplusWebMaster, 25 October 2013 - 12:15 PM.



#141 AplusWebMaster

Posted 20 June 2014 - 04:19 PM

FYI...

SYM14-011 - Symantec Encryption Desktop for OS X World-Writable Files Insecure File Handling
- http://www.symantec....uid=20140620_00
June 20, 2014 - "Overview: Symantec’s Encryption Desktop for OS X installs some temporary files with world-writable attributes during installation. In a multi-user environment, a malicious user could manipulate these world-writable files to read and write files or create files with another user’s permissions...
Symantec Response: Symantec engineers verified these findings and have released an update in Symantec Encryption Desktop 10.3.2 maintenance pack 2 for OS X addressing the issue.
Update information: Customers may obtain Symantec Desktop Encryption maintenance updates through their normal Symantec support locations...
Best Practices: As part of normal best practices, Symantec strongly recommends:
- Restrict access to administration or management systems to privileged users.
- Disable remote access if not required or restrict it to trusted/authorized systems only.
- Where possible, limit exposure of application and web interfaces to trusted/internal networks only.
- Keep all operating systems and applications updated with the latest vendor patches.
- Follow a multi-layered approach to security. Run both firewall and anti-malware applications, at a minimum, to provide multiple points of detection and protection to both inbound and outbound threats.
- Deploy network and host-based intrusion detection systems to monitor network traffic for signs of anomalous or suspicious activity. This may aid in detection of attacks or malicious activity related to exploitation of latent vulnerabilities..."
 

:ph34r: :ph34r:



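The SYM14-011 advisory above turns on one condition: files left writable by every local account, which any other user on a multi-user machine can then alter. The script below is an added example, not code from Symantec or from the post, showing how an administrator can audit an installation directory for that condition. It lists regular files and directories whose "other" write bit is set, skipping directories that carry the sticky bit (such as /tmp, where users can add files but not tamper with each other's). The sample tree it builds under mktemp is constructed for the example; the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the forum post): audit a directory
# tree for world-writable regular files and for world-writable directories
# that lack the sticky bit. Either lets any local account modify or replace
# content, which is the condition SYM14-011 describes.

# Print every offending path under $1, one per line.
find_world_writable() {
    dir=$1
    # -perm -002  : the "other" write bit is set (POSIX octal form)
    # -perm -1000 : sticky bit set; such directories are excluded because
    #               other users cannot remove or rename files they do not own
    find "$dir" \( -type f -o -type d \) -perm -002 \
        ! \( -type d -perm -1000 \)
}

# Echo the number of offending entries so callers can gate on it.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# Build a constructed sample tree so the example runs offline.
# Expected findings: app/tmp (777, no sticky bit) and app/tmp/scratch.dat (666).
make_sample_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/app/tmp" "$base/app/private" "$base/app/shared"
    echo "installer scratch" > "$base/app/tmp/scratch.dat"
    echo "config" > "$base/app/private/config.ini"
    chmod 666 "$base/app/tmp/scratch.dat"    # world-writable file: reported
    chmod 777 "$base/app/tmp"                # world-writable dir, no sticky bit: reported
    chmod 1777 "$base/app/shared"            # sticky-bit dir: not reported
    chmod 644 "$base/app/private/config.ini" # owner-writable only: not reported
    echo "$base"
}

# Usage: sh audit_world_writable.sh /path/to/install
# With no argument, audit the constructed sample tree instead.
if [ -n "${1:-}" ]; then
    find_world_writable "$1"
else
    sample=$(make_sample_tree)
    find_world_writable "$sample"
    rm -rf "$sample"
fi
```

Run it against the product's install and temp directories after installation; anything it reports that is not deliberately shared should be tightened with chmod o-w, and a non-zero count from count_world_writable can fail a post-install check.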

#142 AplusWebMaster

Posted 26 June 2014 - 06:26 AM

FYI...

Sophos AV Input Validation Flaw ...
- http://www.securityt....com/id/1030467
CVE Reference: https://cve.mitre.or...e=CVE-2014-2385
Jun 25 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
Version(s): 9.5.1 ...
Solution: The vendor has issued a fix (9.6.1).
Vendor URL: http://www.sophos.co...base/11846.aspx
 

:ph34r: :ph34r:




#143 AplusWebMaster

Posted 26 June 2014 - 06:54 AM

FYI...

SYM14-012 - Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
- http://www.symantec....uid=20140625_00
June 25, 2014 - "Overview: The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection...
Symantec Response: Symantec product engineers verified these issues and have released updates to resolve them. Customers should update to Symantec Data Insight 4.5..."
CVEs: CVE-2014-3432, CVE-2014-3433

- http://www.securityt....com/id/1030472
Jun 26 2014
Version(s): 3.x, 4.x prior to 4.5
___

Threat Report: May 2014
- http://www.symantec....hreatreport.jsp
"Key Findings:
- A large data breach occurred in May, resulting in the potential exposure of over 145 million identities. Over -577- million identities have been exposed in the last 12 months.
- Ransomware continues to decline as the year progresses, down to 17 percent of the peak levels seen back in November 2013.
- Spam, phishing, and virus rates are up in May, after having each dropped in April."

> http://www.symantec....-lightbox-5.png
 

:ph34r: :ph34r:




#144 AplusWebMaster

Posted 04 August 2014 - 06:12 PM

FYI...

SYM14-013 Symantec Endpoint 0-day vuln ...
- http://www.symantec....t&id=TECH223338
2014-07-29 | Updated: 2014-08-04 - "... Solution: Symantec product engineers have verified these issues and have released critical updates to resolve them. Currently Symantec is not aware of exploitation of or adverse impact on our customers due to this issue. The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. This vulnerability is not accessible remotely and only affects SEP clients actually running Application and Device Control. If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer. This vulnerability affects all versions of Symantec Endpoint Protection clients 11.x and 12.x running Application and Device Control...
- Mitigation: Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1b (RU4 MP1b) is available currently in English on Symantec FileConnect. See Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control for additional instruction on downloading this release. All supported languages will be released to FileConnect as soon as they are available. This Knowledge Base article will be updated as further information becomes available. Please subscribe to this document to receive update notifications automatically. This version updates the Symantec Endpoint Protection clients to 12.1.4112.4156 to address this issue. There are no updates to the Symantec Endpoint Protection Manager included with this release. This Symantec Endpoint Protection client update is a complete release and accepts migrations from any previous release of the Symantec Endpoint Protection 11.0 and 12.1 product line. Symantec Endpoint Protection 12.1 for Small Business is not affected, so there are no updates to the product for this issue...
(More detail at the symantec URL above.)

- http://www.symantec....uid=20140804_00
Aug 4, 2014

- http://www.kb.cert.org/vuls/id/252068
4 Aug 2014

- https://web.nvd.nist...d=CVE-2014-3434
___

- https://www.computer...oint_Protection
Aug 6, 2014 - "Symantec has released a patch for privilege escalation flaws in its Endpoint Protection product, and the company which found the issues released the exploit code on Tuesday..."
___

Certificate error occurs when attempting to install or upgrade Symantec Endpoint Protection
- http://www.symantec....t&id=TECH218029
Updated: 2014-08-06
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 08 August 2014 - 10:33 AM.



#145 AplusWebMaster

Posted 07 October 2014 - 09:28 AM

FYI...

McAfee Security Bulletin - Bash Shellshock Code Injection Exploit Updates
- https://kc.mcafee.co...tent&id=SB10085
Last Modified: 10/6/2014
CVE Number: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
US CERT Number: CERT/CC VU#252743
Red Hat Advisory RHBA-2013:1096-1
Exploit Database EDB-ID: 34766
Severity Rating: High
Base/Overall CVSS Score: 10.0 / 9.0 (All CVEs listed above)
Recommendations: Deploy the remediation signatures/rules first. Update product patches/hotfixes as they become available.
McAfee Product Vulnerability Status: Investigation into all McAfee products is ongoing. This security bulletin will be updated at least -daily- as additional information and patches are made available.
Location of Updated Software: http://www.mcafee.co.../downloads.aspx
(More detail at the first mcafee URL at the top of this post.)

Remediation: https://kc.mcafee.co...085#remediation

- http://www.securityt....com/id/1030985
CVE Reference: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
Oct 9 2014
___

Fortinet - GNU Bash Multiple vulns
- http://blog.fortinet.../shellshock-faq
V 1.4 Sep 29 2014 - "This document will be updated and maintained as new or updated information becomes available. Continue to check this page for updates... FortiGuard Labs is currently investigating and will provide updated IPS and AV signatures if appropriate... It is important to note that FortiOS is not affected by Shellshock. FortiOS does -not- use the Bash shell... Ensure you have appropriate IPS signatures deployed to monitor and mitigate any potential attacks on your infrastructure. Fortinet issued an update* to our customers with IPS signatures to detect and prevent Shellshock attacks. This signature is available for download via FDN..."
* Latest 2014-10-02: http://www.fortiguar...l?version=5.554

- http://www.fortiguar...y/FG-IR-14-030/
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 10 October 2014 - 09:02 AM.




#146 AplusWebMaster

Posted 28 November 2014 - 06:02 AM

FYI...

ClamAV multiple vulnerabilities - updates available
- https://secunia.com/advisories/62542/
Release Date: 2014-11-27
Criticality: Highly Critical
Where: From remote
Impact: System access
Solution Status: Vendor Patch...

- http://www.securityt....com/id/1031267
CVE Reference: https://cve.mitre.or...e=CVE-2013-6497
Nov 27 2014
Impact: Denial of service via network
Fix Available: Yes Vendor Confirmed: Yes ...
Version(s): prior to 0.98.5
Description: A vulnerability was reported in Clam AntiVirus. A remote or local user can cause denial of service conditions.
Impact: A user can cause the target service to crash...
Solution: The vendor has issued a fix (0.98.5)...

- http://www.securityt....com/id/1031268
CVE Reference: https://cve.mitre.or...e=CVE-2014-9050
Nov 27 2014
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 0.98.5
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can cause denial of service conditions...
The vendor's advisory is available at:
- http://blog.clamav.n...n-released.html
Nov 18 2014 - "... ClamAV 0.98.5 includes new features and bug fixes..."

> http://www.clamav.net/download.html

- http://www.clamav.net/about.html

- http://www.clamav.net/doc/install.html

- https://twitter.com/clamav
 

:ph34r: :ph34r:


Edited by AplusWebMaster, 28 November 2014 - 10:55 PM.
