SB2019022821 - Multiple vulnerabilities in agent

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2019-3598)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets.

2) Information disclosure (CVE-ID: CVE-2019-3599)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/107205
• https://kc.mcafee.com/corporate/index?page=content&id=SB10272
• https://kc.mcafee.com/corporate/index?page=content&id=SB10271