We are running on Webgateway appliance version 74.2.2. With regard to the recent Shellshock vulnerability, how can this be patched?
We have installed all the latest updates and the yum updates and it still comes up as vulnerable.
Thanks and Regards
MWG is vulnerable. A hostile DHCP server can craft a DHCP reply to a DHCP request that exploits the MWG DHCP client and allows root privileged remote code execution for the attacker. This attack vector is present only if MWG engine has a dynamic interface that is configured to get an IP address via DHCP.
Recommended Actions: The MWG users who are using the vulnerable version should upgrade to a newer MWG version as soon as they become available. You may want to consider turning off DHCP until the McAfee update.
You may check DHCP status via Configuration > Appliances > Appliance_Name > Network Interfaces.
IP Settings must be "Configure Manually"
While the Security Bulletin under: https://kc.mcafee.com/corporate/index?page=content&id=SB10085&actp=null&viewlocale=en_US&showDraft=f...
still states, MWG is not updated, I would like to make you aware that 22.214.171.124 has been released that fixes the vulnerability.