cnvd - cnvd-2019-07154

cnvd-2019-07154

Vulnerability from cnvd

Title: McAfee Agent提权漏洞（CNVD-2019-07154）

Description:

McAfee Agent（MA）是美国迈克菲（McAfee）公司的一套基于Linux平台的提供了ePolicy Orchestrator（杀毒软件管理平台）与被管理产品之间的安全通信的客户端组件。

基于Linux平台的MA 5.0.0版本至5.0.6版本、5.5.0版本和5.5.1版本中存在提权漏洞，本地攻击者可利用该漏洞执行任意命令。

Severity: 中

Patch Name: McAfee Agent提权漏洞（CNVD-2019-07154）的补丁

Patch Description:

基于Linux平台的MA 5.0.0版本至5.0.6版本、5.5.0版本和5.5.1版本中存在提权漏洞，本地攻击者可利用该漏洞执行任意命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10260

Reference: https://kc.mcafee.com/corporate/index?page=content&id=SB10260

Impacted products

Name
['Mcafee McAfee Agent 5.5.0', 'Mcafee McAfee Agent 5.5.1', 'Mcafee McAfee Agent >=5.0.0，<=5.0.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6704"
    }
  },
  "description": "McAfee Agent\uff08MA\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5e73\u53f0\u7684\u63d0\u4f9b\u4e86ePolicy Orchestrator\uff08\u6740\u6bd2\u8f6f\u4ef6\u7ba1\u7406\u5e73\u53f0\uff09\u4e0e\u88ab\u7ba1\u7406\u4ea7\u54c1\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u7ec4\u4ef6\u3002\n\n\u57fa\u4e8eLinux\u5e73\u53f0\u7684MA 5.0.0\u7248\u672c\u81f35.0.6\u7248\u672c\u30015.5.0\u7248\u672c\u548c5.5.1\u7248\u672c\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "discovererName": "Andreas Dewald, ERNW Research GmbH",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-07154",
  "openTime": "2019-03-14",
  "patchDescription": "McAfee Agent\uff08MA\uff09\u662f\u7f8e\u56fd\u8fc8\u514b\u83f2\uff08McAfee\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5e73\u53f0\u7684\u63d0\u4f9b\u4e86ePolicy Orchestrator\uff08\u6740\u6bd2\u8f6f\u4ef6\u7ba1\u7406\u5e73\u53f0\uff09\u4e0e\u88ab\u7ba1\u7406\u4ea7\u54c1\u4e4b\u95f4\u7684\u5b89\u5168\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u7ec4\u4ef6\u3002\r\n\r\n\u57fa\u4e8eLinux\u5e73\u53f0\u7684MA 5.0.0\u7248\u672c\u81f35.0.6\u7248\u672c\u30015.5.0\u7248\u672c\u548c5.5.1\u7248\u672c\u4e2d\u5b58\u5728\u63d0\u6743\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Agent\u63d0\u6743\u6f0f\u6d1e\uff08CNVD-2019-07154\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Mcafee McAfee Agent 5.5.0",
      "Mcafee McAfee Agent 5.5.1",
      "Mcafee McAfee Agent \u003e=5.0.0\uff0c\u003c=5.0.6"
    ]
  },
  "referenceLink": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-13",
  "title": "McAfee Agent\u63d0\u6743\u6f0f\u6d1e\uff08CNVD-2019-07154\uff09"
}

CVE-2018-6704 (GCVE-0-2018-6704)

Vulnerability from cvelistv5

Published

2018-12-12 20:00

Modified

2024-08-05 06:10

Severity ?

4.7 (Medium) - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

CWE

CWE-377 - Insecure Temporary File ()

Summary

Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.

References

▼	URL	Tags
	https://kc.mcafee.com/corporate/index?page=content&id=SB10259	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee	McAfee Agent (MA) for Linux	Version: 5.5.0 Version: 5.5.1 Version: 5.0.0 < 5.0.0* Version: 5.0.6 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:10:11.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86"
          ],
          "product": "McAfee Agent (MA) for Linux",
          "vendor": "McAfee",
          "versions": [
            {
              "status": "affected",
              "version": "5.5.0"
            },
            {
              "status": "affected",
              "version": "5.5.1"
            },
            {
              "lessThan": "5.0.0*",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.0.6",
              "status": "affected",
              "version": "5.0.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "McAfee credits Andreas Dewald, ERNW Research GmbH (Germany) for discovery of this vulnerability"
        }
      ],
      "datePublic": "2018-12-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-377",
              "description": "Insecure Temporary File (CWE-377)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-12T19:57:01",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
        }
      ],
      "source": {
        "advisory": "SB10259",
        "discovery": "EXTERNAL"
      },
      "title": "McAfee Agent for Linux Privilege Escalation vulnerability ",
      "workarounds": [
        {
          "lang": "en",
          "value": "If you cannot upgrade to McAfee Agent 5.6.0, do not run specific user requested commands related to McAfee products and only run commands mentioned in product or installation guides."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2018-6704",
          "STATE": "PUBLIC",
          "TITLE": "McAfee Agent for Linux Privilege Escalation vulnerability "
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Agent (MA) for Linux",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "platform": "x86",
                            "version_affected": "\u003e=",
                            "version_name": "5.0.0",
                            "version_value": "5.0.0"
                          },
                          {
                            "affected": "\u003c=",
                            "platform": "x86",
                            "version_affected": "\u003c=",
                            "version_name": "5.0.6",
                            "version_value": "5.0.6"
                          },
                          {
                            "affected": "=",
                            "platform": "x86",
                            "version_affected": "=",
                            "version_name": "5.5.0",
                            "version_value": "5.5.0"
                          },
                          {
                            "affected": "=",
                            "platform": "x86",
                            "version_affected": "=",
                            "version_name": "5.5.1",
                            "version_value": "5.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "McAfee credits Andreas Dewald, ERNW Research GmbH (Germany) for discovery of this vulnerability"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Insecure Temporary File (CWE-377)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
          }
        ],
        "source": {
          "advisory": "SB10259",
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "If you cannot upgrade to McAfee Agent 5.6.0, do not run specific user requested commands related to McAfee products and only run commands mentioned in product or installation guides."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2018-6704",
    "datePublished": "2018-12-12T20:00:00",
    "dateReserved": "2018-02-06T00:00:00",
    "dateUpdated": "2024-08-05T06:10:11.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted