McAfee Network Data Loss Prevention (NDLP) vulnerabilities

Type: News
Published: 11/07/2018
Affected products:
- McAfee Network Data Loss Prevention (NDLP) Prevent 11.0.300 or earlier
- McAfee Network Data Loss Prevention (NDLP) Monitor 11.0.300 or earlier

Versions that already contain the fix:
- McAfee Network Data Loss Prevention (NDLP) Prevent 11.0.301
- McAfee Network Data Loss Prevention (NDLP) Monitor 11.0.301

List of vulnerabilities:
- CVE-2018-0739 (CVSS: 6.5; Severity: Medium): Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe.
- CVE-2017-3737 (CVSS: 5.9; Severity: Medium): OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept(), and SSL_connect()); however, due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly.
- CVE-2017-3738 (CVSS: 5.9; Severity: Medium): There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely.

The full article is available at the following link:


