gbos
Level 7
Message 1 of 5

MVM FSL check for heartbleed?

Do we have an ETA when MVM (Foundstone) will have a content update for the Heartbleed bug (CVE-2014-0160)?  Some of my departments have asked.  Thanks!

4 Replies
gbos
Level 7
Message 2 of 5

Re: MVM FSL check for heartbleed?

Answering my own question:

It is NOT in today's FSL release, which just came out (see here).  There was a separate SNS note minutes after the FSL content update.  It said:

McAfee is aware of the Heartbleed Vulnerability (CVE-2014-0160). This is a vulnerability in OpenSSL that could allow an attacker to gain access to system memory (in 64K chunks) which potentially could contain sensitive information or communications.

McAfee is investigating affected products and will provide additional information via SNS today.

gbos
Level 7
Message 3 of 5

Re: MVM FSL check for heartbleed?

Well, the SNS notice was disappointing:

McAfee is identifying those products impacted by the vulnerable OpenSSL versions and updating them to a remediated OpenSSL version.  A consolidated Security Bulletin will be published on the McAfee Knowledge Center (support.mcafee.com) and list all affected products. This document will be updated daily as new hotfixes and patches are posted for customer download.

An SNS Notice will be sent advising when the Security Bulletin is available, and additional SNS messages will be sent as updates occur.


Update to original notification sent Wed Apr 9 at approx. 10:15 am CDT

I've asked our VAR to open a ticket with McAfee on when MVM (Foundstone) will have a content update for the Heartbleed bug (CVE-2014-0160).

gbos
Level 7
Message 4 of 5

Re: MVM FSL check for heartbleed?

It was in the second FSL update released yesterday (Red Hat entry used as an example):

140438 - Red Hat Enterprise Linux RHSA-2014-0376 Update Is Not Installed

Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes

Risk Level: Medium

CVE: CVE-2014-0160

Description

The scan detected that the host is missing the following update: RHSA-2014-0376

Observation

Updates often remediate critical security problems that should be quickly addressed.

For more information see:

https://rhn.redhat.com/errata/RHSA-2014-0376.html
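The check record quoted above is the kind of thing an MVM administrator ends up reading by hand to confirm that a content update actually covers a given CVE. As an added example (not code from the thread, from McAfee or from MVM), the parser below turns a plain-text listing of such entries into structured records and reports which vulnerability IDs cover each CVE of interest. The input format is assumed from the quoted entry: one entry per blank-line-separated block, a `<id> - <title>` header, then `Category:`, `Risk Level:`, `CVE:` lines and reference URLs. The second entry in the sample is constructed purely to exercise the multi-CVE case and is not a real check.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample listing. The first entry is the one quoted in the thread;
# the second is invented (ID 999999, CVE-2014-0001/0002) to show multi-CVE handling.
SAMPLE_CHECKS = """\
140438 - Red Hat Enterprise Linux RHSA-2014-0376 Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Red Hat Enterprise Linux Patches and Hotfixes
Risk Level: Medium
CVE: CVE-2014-0160
Description
The scan detected that the host is missing the following update: RHSA-2014-0376
Observation
Updates often remediate critical security problems that should be quickly addressed.
For more information see:
https://rhn.redhat.com/errata/RHSA-2014-0376.html

999999 - Example Vendor Hypothetical Update Is Not Installed
Category: SSH Module -> NonIntrusive -> Example Patches
Risk Level: High
CVE: CVE-2014-0001, CVE-2014-0002
Description
Constructed entry for illustration only.
For more information see:
https://example.invalid/advisory
"""

HEADER_RE = re.compile(r"^(?P<id>\d+)\s+-\s+(?P<title>.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


@dataclass
class Check:
    vuln_id: int
    title: str
    category: List[str] = field(default_factory=list)  # "A -> B -> C" split into parts
    risk: str = ""
    cves: List[str] = field(default_factory=list)      # normalised to upper case
    references: List[str] = field(default_factory=list)


def parse_checks(text: str) -> List[Check]:
    """Parse blank-line-separated check entries (assumed export format)."""
    checks: List[Check] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not a check header: skip rather than guess at its meaning
        chk = Check(vuln_id=int(m.group("id")), title=m.group("title"))
        for ln in lines[1:]:
            if ln.startswith("Category:"):
                chk.category = [p.strip() for p in ln[len("Category:"):].split("->")]
            elif ln.startswith("Risk Level:"):
                chk.risk = ln[len("Risk Level:"):].strip()
            elif ln.startswith("CVE:"):
                chk.cves = [c.upper() for c in CVE_RE.findall(ln)]
            elif ln.startswith(("http://", "https://")):
                chk.references.append(ln)
        checks.append(chk)
    return checks


def checks_for_cve(checks: List[Check], cve: str) -> List[Check]:
    """All checks whose CVE list contains the given CVE (case-insensitive)."""
    cve = cve.upper()
    return [c for c in checks if cve in c.cves]


def coverage_report(checks: List[Check], wanted: List[str]) -> Dict[str, List[int]]:
    """Map each wanted CVE to the vulnerability IDs that cover it ([] = no coverage yet)."""
    return {w.upper(): [c.vuln_id for c in checks_for_cve(checks, w)] for w in wanted}


if __name__ == "__main__":
    parsed = parse_checks(SAMPLE_CHECKS)
    for cve, ids in coverage_report(parsed, ["CVE-2014-0160", "CVE-2014-9999"]).items():
        print(f"{cve}: {'covered by ' + str(ids) if ids else 'NO CHECK FOUND'}")
```

An empty list for a CVE is the actionable signal: it is the condition the original poster was waiting on before the second FSL update shipped, and it is what you would re-run after each content update rather than reading the release notes by eye.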

acwon
Level 7
Message 5 of 5

Re: MVM FSL check for heartbleed?

In MVM, Manage -> FASL Scripts, I reviewed the "OpenSSL TLS DTLS Heartbeat Extension Packets Information Disclosure" script and in "View Script" I found some statements as follows:

    FASL.vulnID     = 16505;
    FASL.attackType = ATTACK_NONINTRUSIVE;
    FASL.os         = OS_ANY;
    FASL.protocol   = PROTOCOL_TCP;
    FASL.filters    = [ 443, 465, 990, 993, 994, 995, 563, 636, 992, 3713, 5061, 6514, 10161, 10162 ];

Does "FASL.filters" mean this check will only check the TCP ports in the group "443, 465, 990, 993, 994, 995, 563, 636, 992, 3713, 5061, 6514, 10161, 10162"?   Or will this check run based on the IPs specified in MVM, Settings -> Services -> TCP Scanning?

Thanks.

AL
