McAfee Data Exchange Layer sérülékenységek

Típus: Hírek
Publikálva: 28/01/2019
A sérülékenységek részletei:
- CVE-2018-5391 (CVSS: 7.5; Severity: High) - Linux kernel versions 4.9+ can be forced to make expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.
- CVE-2018-15473 (CVSS: 5.3; Severity: Medium) - OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
- CVE-2018-0737 (CVSS: 5.9; Severity: Medium) - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).
- CVE-2018-5390 (CVSS: 7.5; Severity: High) - Linux kernel versions 4.9+ can be forced to make expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service.


A teljes cikk elérhető az alábbi linken:
https://kc.mcafee.com/corporate/index?page=content&id=PD28173

Kapcsolat

+36 1 371 2 370
mcafee.ecs.hu@arrow.com

 CL Social Media Icon - Facebook 40px CL Social Media Icon - Twitter 40px CL Social Media Icon - Blog 40px  YouTube_40  McAfee_SDS_badge