McAfee Web Gateway 7.8.2.x és 8.0.x sérülékenységek

Típus: Hírek
Publikálva: 13/02/2019
A javítást már tartalmazó verziók:
- McAfee Web Gateway (MWG) 7.8.2.6
- McAfee Web Gateway (MWG) 8.0.3


A sérülékenységek részletei:
- CVE-2018-15473 (CVSS: 5.3; Severity: Medium) - OpenSSH is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed.
- CVE-2018-16395 (CVSS: 7.5; Severity: High) - An issue was discovered in the OpenSSL library in Ruby. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true.
- CVE-2018-10844 (CVSS: 5.9; Severity: Medium) - It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
- CVE-2018-10845 (CVSS: 5.9; Severity: Medium) - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.
- CVE-2018-10846 (CVSS: 5.0; Severity: Medium) - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky Thirteen attacks to recover plain text in a cross-VM attack scenario.


A teljes cikk elérhető az alábbi linken:
https://kc.mcafee.com/corporate/index?page=content&id=SB10267

Kapcsolat

+36 1 371 2 370
mcafee.ecs.hu@arrow.com

 CL Social Media Icon - Facebook 40px CL Social Media Icon - Twitter 40px CL Social Media Icon - Blog 40px  YouTube_40  McAfee_SDS_badge