McAfee Firewall Enterprise IGMP Packet Integer Overflow DoS (SB10107)

Severity: High. Nessus Plugin ID: 83735

Synopsis

The remote host is affected by a denial of service vulnerability.

Description

The remote host has a version of McAfee Firewall Enterprise installed that is affected by an integer overflow condition. An unauthenticated, remote attacker can send a specially crafted IGMP packet that causes the application to crash due to allocation of insufficient memory. An incomplete fix was offered in 8.3.2 ePatch 41, 8.3.1 ePatch 70 and 8.2.1 ePatch 135, but newer patches have been released to fully address the issue.

Solution

Apply the appropriate patch referenced in the vendor security advisory.

See Also

https://kc.mcafee.com/corporate/index?page=content&id=SB10107

Plugin Details

Severity: High

ID: 83735

File Name: mcafee_firewall_enterprise_SB10107.nasl

Version: 1.8

Type: local

Family: Firewalls

Published: 5/20/2015

Updated: 2/24/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2015-1414

Vulnerability Information

CPE: x-cpe:/a:mcafee:firewall_enterprise

Required KB Items: Host/McAfeeFE/version, Host/McAfeeFE/version_display, Host/McAfeeFE/installed_patches

Exploit Ease: No known exploits are available

Patch Publication Date: 4/23/2015

Vulnerability Publication Date: 2/25/2015

Reference Information

CVE: CVE-2015-1414

BID: 72777

MCAFEE-SB: SB10107