
Thread: Multiple AV vendor vulns / updates / issues

  1. #51
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    McAfee Artemis/GTI File Reputation False Positive

    FYI...

    McAfee Artemis/GTI File Reputation False Positive
    - https://isc.sans.edu/diary.html?storyid=16264
    Last Updated: 2013-07-31 23:06:26 UTC - "... readers reporting false positive issues with McAfee's GTI and Artemis products. According to a knowledgebase article on McAfee's site, it appears that the file reputation system is producing bad results due to a server issue [1]..."

    [1] https://kc.mcafee.com/corporate/inde...ent&id=KB78993
    Artemis false positive detections from Global Threat Intelligence
    Last Modified: August 01, 2013 - "... updated as additional information becomes available. Please check back for more information.
    Problem: McAfee has determined that Artemis/GTI File Reputation is producing some false-positive detections due to a server issue.
    IMPORTANT: This is not an issue with the current McAfee DAT files.
    Cause: This issue was caused by specific Global Threat Intelligence servers.
    Solution: McAfee is investigating this issue. This article will be updated as additional information becomes available...
    IMPORTANT: If you have files that were incorrectly detected, do not restart your systems. This could cause the files to be unrecoverable.
    See the following workarounds for instructions to recover from this issue..."

    - https://isc.sans.edu/forums/diary/Mc...Positive/16264
    "... A remediation tool is now available. Customers with quarantined files should access KB78993 ( https://kc.mcafee.com/corporate/inde...ent&id=KB78993 ) to download the remediation tool and recover the quarantined files."

    Last edited by AplusWebMaster; 2013-08-01 at 13:22.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #52
    Adviser Team AplusWebMaster's Avatar

    Sophos Web Appliance - updates

    FYI...

    Sophos Web Appliance - updates
    - http://www.sophos.com/en-us/support/...se/119773.aspx
    Updated: 9 Sep 2013 - "... resolved with the 3.7.9.1 and 3.8.1.1 releases of the Sophos Web Appliance software..."

    - https://isc.sans.edu/diary.html?storyid=16526
    Last Updated: 2013-09-09 12:55:06 UTC

    - http://www.coresecurity.com/advisori...ulnerabilities
    2013-09-06

    - http://www.securitytracker.com/id/1028984
    CVE Reference:
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4983
    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2013-4984
    Sep 6 2013
    Impact: Execution of arbitrary code via network, Root access via local system, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 3.7.9 and prior, 3.8.0 and 3.8.1 ...
    Solution: The vendor has issued a fix (3.7.9.1, 3.8.1.1).

    - http://www.theregister.co.uk/2013/09...ppliance_vuln/
    9 Sep 2013


  3. #53
    Adviser Team AplusWebMaster's Avatar

    Kaspersky false positive ...

    FYI...

    Kaspersky false positive ...
    - https://isc.sans.edu/diary.html?storyid=16904
    Last Updated: 2013-10-25 17:41:34 UTC - "... Kaspersky AV has identified tcpip.sys as malware on his Windows 7 32bit hosts - the file is flagged as "HEUR:Trojan.Win32.Generic". Fortunately, Microsoft's Windows File Protection feature ( https://support.microsoft.com/kb/222193 ) prevented it from quarantining this critical file... Kaspersky has verified... that this is resolved in their latest update. If you're seeing this issue, get your AV to "phone home" for the fix!"


  4. #54
    Adviser Team AplusWebMaster's Avatar

    SYM14-013 Symantec Endpoint 0-day vuln ...

    FYI...

    SYM14-013 Symantec Endpoint 0-day vuln ...
    - http://www.symantec.com/business/sup...&id=TECH223338
    2014-07-29 | Updated: 2014-08-04 - "... Solution: Symantec product engineers have verified these issues and have released critical updates to resolve them. Currently Symantec is not aware of exploitation of or adverse impact on our customers due to this issue. The issue, as reported, affects the Application and Device Control component of Symantec Endpoint Protection. This vulnerability is not accessible remotely and only affects SEP clients actually running Application and Device Control. If the vulnerability is exploited by accessing the computer directly, it could result in a client crash, denial of service, or, if successful, escalate to admin privileges and gain control of the computer. This vulnerability affects all versions of Symantec Endpoint Protection clients 11.x and 12.x running Application and Device Control...
    - Mitigation: Symantec Endpoint Protection 12.1 Release Update 4 Maintenance Patch 1b (RU4 MP1b) is available currently in English on Symantec FileConnect. See Obtaining the latest version of Symantec Endpoint Protection or Symantec Network Access Control for additional instruction on downloading this release. All supported languages will be released to FileConnect as soon as they are available. This Knowledge Base article will be updated as further information becomes available. Please subscribe to this document to receive update notifications automatically. This version updates the Symantec Endpoint Protection clients to 12.1.4112.4156 to address this issue. There are no updates to the Symantec Endpoint Protection Manager included with this release. This Symantec Endpoint Protection client update is a complete release and accepts migrations from any previous release of the Symantec Endpoint Protection 11.0 and 12.1 product line. Symantec Endpoint Protection 12.1 for Small Business is not affected, so there are no updates to the product for this issue..."
    (More detail at the Symantec URL above.)

    - http://www.symantec.com/security_res...id=20140804_00
    Aug 4, 2014

    - http://www.kb.cert.org/vuls/id/252068
    4 Aug 2014

    - https://web.nvd.nist.gov/view/vuln/d...=CVE-2014-3434
    ___

    - https://www.computerworld.com/s/arti...int_Protection
    Aug 6, 2014 - "Symantec has released a patch for privilege escalation flaws in its Endpoint Protection product, and the company which found the issues released the exploit code on Tuesday..."
    ___

    Certificate error occurs when attempting to install or upgrade Symantec Endpoint Protection
    - http://www.symantec.com/business/sup...&id=TECH218029
    Updated: 2014-08-06

    Last edited by AplusWebMaster; 2014-08-08 at 19:34.

  5. #55
    Adviser Team AplusWebMaster's Avatar

    McAfee / Fortinet - Bash Shellshock Code ...

    FYI...

    McAfee Security Bulletin - Bash Shellshock Code Injection Exploit Updates
    - https://kc.mcafee.com/corporate/inde...ent&id=SB10085
    Last Modified: 10/6/2014
    CVE Number: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
    US CERT Number: CERT/CC VU#252743
    Red Hat Advisory RHBA-2013:1096-1
    Exploit Database EDB-ID: 34766
    Severity Rating: High
    Base/Overall CVSS Score: 10.0 / 9.0 (All CVEs listed above)
    Recommendations: Deploy the remediation signatures/rules first. Update product patches/hotfixes as they become available.
    McAfee Product Vulnerability Status: Investigation into all McAfee products is ongoing. This security bulletin will be updated at least -daily- as additional information and patches are made available.
    Location of Updated Software: http://www.mcafee.com/us/downloads/downloads.aspx
    (More detail at the first McAfee URL at the top of this post.)

    Remediation: https://kc.mcafee.com/corporate/inde...85#remediation

    - http://www.securitytracker.com/id/1030985
    CVE Reference: CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
    Oct 9 2014
    ___

    Fortinet - GNU Bash Multiple vulns
    - http://blog.fortinet.com/post/shellshock-faq
    V 1.4 Sep 29 2014 - "This document will be updated and maintained as new or updated information becomes available. Continue to check this page for updates... FortiGuard Labs is currently investigating and will provide updated IPS and AV signatures if appropriate... It is important to note that FortiOS is not affected by Shellshock. FortiOS does -not- use the Bash shell... Ensure you have appropriate IPS signatures deployed to monitor and mitigate any potential attacks on your infrastructure. Fortinet issued an update* to our customers with IPS signatures to detect and prevent Shellshock attacks. This signature is available for download via FDN..."
    * Latest 2014-10-02: http://www.fortiguard.com/updates/ip...?version=5.554

    - http://www.fortiguard.com/advisory/FG-IR-14-030/

    Last edited by AplusWebMaster; 2014-10-10 at 18:03.

  6. #56
    Adviser Team AplusWebMaster's Avatar

    ClamAV multiple vulnerabilities - updates available

    FYI...

    ClamAV multiple vulnerabilities - updates available
    - https://secunia.com/advisories/62542/
    Release Date: 2014-11-27
    Criticality: Highly Critical
    Where: From remote
    Impact: System access
    Solution Status: Vendor Patch...

    - http://www.securitytracker.com/id/1031267
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2013-6497
    Nov 27 2014
    Impact: Denial of service via network
    Fix Available: Yes Vendor Confirmed: Yes ...
    Version(s): prior to 0.98.5
    Description: A vulnerability was reported in Clam AntiVirus. A remote or local user can cause denial of service conditions.
    Impact: A user can cause the target service to crash...
    Solution: The vendor has issued a fix (0.98.5)...

    - http://www.securitytracker.com/id/1031268
    CVE Reference: https://cve.mitre.org/cgi-bin/cvenam...=CVE-2014-9050
    Nov 27 2014
    Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): prior to 0.98.5
    Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can cause denial of service conditions...
    The vendor's advisory is available at:
    - http://blog.clamav.net/2014/11/clama...-released.html
    Nov 18 2014 - "... ClamAV 0.98.5 includes new features and bug fixes..."

    > http://www.clamav.net/download.html

    - http://www.clamav.net/about.html

    - http://www.clamav.net/doc/install.html

    - https://twitter.com/clamav

    Last edited by AplusWebMaster; 2014-11-29 at 06:54.
