| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201307152354.r6FNslw1028199@sf01web1.securityfocus.com> Date: Mon, 15 Jul 2013 23:54:47 GMT From: Harold_Toomey@...fee.com To: bugtraq@...urityfocus.com Subject: Re: Multiple vulnerabilities in McAfee ePO 4.6.6 McAfee has released a Knowledgebase Article (KB) to address the issues reported by a NATO pen test. https://kc.mcafee.com/corporate/index?page=content&id=KB78824 Both SQL Injection vulnerabilities were identified on May 10th, 2013 and patched as specified in SB10043. McAfee's internal testing leads us to believe that the ePO systems that NATO penetration tested were not running with the most recent and available patches at the time of the test. Namely, the patched agent extension installed for ePO 4.6.6, as described in SB10043. The Reflected Cross-Site Scripting vulnerabilities are low severity. They will be resolved in ePO 4.6.7, which is tentatively scheduled to be released in late Q3 2013. - Harold Harold Toomey, CISSP, CISA, CISM, CRISC, CGEIT Principal Product Security Architect Product Security Group, McAfee, Inc. (972) 963-7754 | Direct (801) 830-9987 | Mobile Harold_Toomey@...fee.com
Powered by blists - more mailing lists