From 74881e7398722a697d6e489f5f6028e3c30d27e5 Mon Sep 17 00:00:00 2001 From: lordoxley <40054947+lordoxley@users.noreply.github.com> Date: Fri, 22 Mar 2019 13:56:37 +0000 Subject: [PATCH 1/2] Update CVE-2018-6703 --- 2018/6xxx/CVE-2018-6703.json | 201 ++++++++++++++++------------------- 1 file changed, 91 insertions(+), 110 deletions(-) diff --git a/2018/6xxx/CVE-2018-6703.json b/2018/6xxx/CVE-2018-6703.json index 77190f45590..63d2bb971b0 100644 --- a/2018/6xxx/CVE-2018-6703.json +++ b/2018/6xxx/CVE-2018-6703.json @@ -1,112 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@mcafee.com", - "ID": "CVE-2018-6703", - "STATE": "PUBLIC", - "TITLE": "McAfee Agent Incorrect memory and handle management vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "McAfee Agent (MA)", - "version": { - "version_data": [ - { - "affected": ">=", - "platform": "x86", - "version_name": "5.0.0", - "version_value": "5.0.0" - }, - { - "affected": "<=", - "platform": "x86", - "version_name": "5.0.6", - "version_value": "5.0.6" - }, - { - "version_name": "5.5.0", - "version_value": "5.5.0" - }, - { - "version_name": "5.5.1", - "version_value": "5.5.1" - } - ] - } - } - ] - }, - "vendor_name": "McAfee" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2018-6703", + "STATE": "PUBLIC", + "TITLE": "Remote Logging functionality had a use after free vulnerability in McAfee Agent" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "McAfee Agent", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "5.x", + "version_value": "5.6.0" + } + ] + } + } + ] + }, + "vendor_name": "McAfee, LLC" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.5" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } ] - } - }, - "credit": [ - { - "lang": "eng", - "value": "McAfee credits Frank Cozijnsen of the KPN RED-team for reporting this flaw." - } - ], - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Use After Free in McAfee Common service in McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted TCP packet." - } - ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "ADJACENT_NETWORK", - "availabilityImpact": "LOW", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "privilegesRequired": "NONE", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Use After Free (CWE-416)" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258", - "refsource": "CONFIRM", - "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258" - } - ] - }, - "source": { - "advisory": "SB10258", - "discovery": "EXTERNAL" - }, - "work_around": [ - { - "lang": "eng", - "value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0.\n\nIf you cannot upgrade, consider the below configuration change as a temporary workaround.\nDisable the remote logging feature via policy:\nGo to the assigned policy type General for the product McAfee Agent.\nGo to Logging tab.\nDisable Enable remote access to log." - } - ] -} \ No newline at end of file + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10258" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Remote logging is disabled by default. Turning off remote logging protects from this issue." + } + ] +} From 659619e2671fe8f3a76fa6d92d82c43ef33ad773 Mon Sep 17 00:00:00 2001 From: lordoxley <40054947+lordoxley@users.noreply.github.com> Date: Fri, 22 Mar 2019 14:02:11 +0000 Subject: [PATCH 2/2] Minor typo fix on CVE-2018-6703 --- 2018/6xxx/CVE-2018-6703.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2018/6xxx/CVE-2018-6703.json b/2018/6xxx/CVE-2018-6703.json index 63d2bb971b0..3694e346770 100644 --- a/2018/6xxx/CVE-2018-6703.json +++ b/2018/6xxx/CVE-2018-6703.json @@ -87,7 +87,7 @@ "work_around": [ { "lang": "eng", - "value": "Remote logging is disabled by default. Turning off remote logging protects from this issue." + "value": "Remote logging is disabled by default. Turning off remote logging protects against this issue." } ] }