Vulnerabilites related to McAfee - McAfee Agent (MA) for Linux
CVE-2018-6706 (GCVE-0-2018-6706)
Vulnerability from cvelistv5
Published
2018-12-12 23:00
Modified
2024-08-05 06:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-377 - Insecure Temporary File ()
Summary
Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | McAfee Agent (MA) for Linux |
Version: 5.5.0 Version: 5.5.1 Version: 5.0.0 < 5.0.0* Version: 5.0.6 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Agent (MA) for Linux",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "5.5.0"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"lessThan": "5.0.0*",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.6",
"status": "affected",
"version": "5.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits Brandon Vincent for discovery of this vulnerability"
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "Insecure Temporary File (CWE-377)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-27T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "106328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260"
}
],
"solutions": [
{
"lang": "en",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10260",
"discovery": "EXTERNAL"
},
"title": "McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6706",
"STATE": "PUBLIC",
"TITLE": "McAfee Agent (MA) non-Windows versions incorrect use of temporary file vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent (MA) for Linux",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "5.0.0",
"version_value": "5.0.0"
},
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.0.6",
"version_value": "5.0.6"
},
{
"affected": "=",
"platform": "x86",
"version_affected": "=",
"version_name": "5.5.0",
"version_value": "5.5.0"
},
{
"affected": "=",
"platform": "x86",
"version_affected": "=",
"version_name": "5.5.1",
"version_value": "5.5.1"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits Brandon Vincent for discovery of this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure handling of temporary files in non-Windows McAfee Agent 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows an Unprivileged User to introduce custom paths during agent installation in Linux via unspecified vectors."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Temporary File (CWE-377)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106328"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260"
}
]
},
"solution": [
{
"lang": "en",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10260",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6706",
"datePublished": "2018-12-12T23:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6704 (GCVE-0-2018-6704)
Vulnerability from cvelistv5
Published
2018-12-12 20:00
Modified
2024-08-05 06:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-377 - Insecure Temporary File ()
Summary
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | McAfee Agent (MA) for Linux |
Version: 5.5.0 Version: 5.5.1 Version: 5.0.0 < 5.0.0* Version: 5.0.6 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Agent (MA) for Linux",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "5.5.0"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"lessThan": "5.0.0*",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.6",
"status": "affected",
"version": "5.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits Andreas Dewald, ERNW Research GmbH (Germany) for discovery of this vulnerability"
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "Insecure Temporary File (CWE-377)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-12T19:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259"
}
],
"solutions": [
{
"lang": "en",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10259",
"discovery": "EXTERNAL"
},
"title": "McAfee Agent for Linux Privilege Escalation vulnerability ",
"workarounds": [
{
"lang": "en",
"value": "If you cannot upgrade to McAfee Agent 5.6.0, do not run specific user requested commands related to McAfee products and only run commands mentioned in product or installation guides."
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6704",
"STATE": "PUBLIC",
"TITLE": "McAfee Agent for Linux Privilege Escalation vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent (MA) for Linux",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "5.0.0",
"version_value": "5.0.0"
},
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.0.6",
"version_value": "5.0.6"
},
{
"affected": "=",
"platform": "x86",
"version_affected": "=",
"version_name": "5.5.0",
"version_value": "5.5.0"
},
{
"affected": "=",
"platform": "x86",
"version_affected": "=",
"version_name": "5.5.1",
"version_value": "5.5.1"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits Andreas Dewald, ERNW Research GmbH (Germany) for discovery of this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Temporary File (CWE-377)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10259"
}
]
},
"solution": [
{
"lang": "en",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10259",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "If you cannot upgrade to McAfee Agent 5.6.0, do not run specific user requested commands related to McAfee products and only run commands mentioned in product or installation guides."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6704",
"datePublished": "2018-12-12T20:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6705 (GCVE-0-2018-6705)
Vulnerability from cvelistv5
Published
2018-12-12 20:00
Modified
2024-08-05 06:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-377 - Insecure Temporary File ()
Summary
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| McAfee | McAfee Agent (MA) for Linux |
Version: 5.5.0 Version: 5.5.1 Version: 5.0.0 < 5.0.0* Version: 5.0.6 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:11.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106328",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "McAfee Agent (MA) for Linux",
"vendor": "McAfee",
"versions": [
{
"status": "affected",
"version": "5.5.0"
},
{
"status": "affected",
"version": "5.5.1"
},
{
"lessThan": "5.0.0*",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.0.6",
"status": "affected",
"version": "5.0.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "McAfee credits Brandon Vincent for discovery of this vulnerability"
}
],
"datePublic": "2018-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "Insecure Temporary File (CWE-377)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-27T10:57:01",
"orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"shortName": "trellix"
},
"references": [
{
"name": "106328",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260"
}
],
"solutions": [
{
"lang": "en",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10260",
"discovery": "EXTERNAL"
},
"title": "McAfee Agent (MA) for Linux Privilege Escalation vulnerability ",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6705",
"STATE": "PUBLIC",
"TITLE": "McAfee Agent (MA) for Linux Privilege Escalation vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent (MA) for Linux",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "5.0.0",
"version_value": "5.0.0"
},
{
"affected": "\u003c=",
"platform": "x86",
"version_affected": "\u003c=",
"version_name": "5.0.6",
"version_value": "5.0.6"
},
{
"affected": "=",
"platform": "x86",
"version_affected": "=",
"version_name": "5.5.0",
"version_value": "5.5.0"
},
{
"affected": "=",
"platform": "x86",
"version_affected": "=",
"version_name": "5.5.1",
"version_value": "5.5.1"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits Brandon Vincent for discovery of this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Temporary File (CWE-377)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106328"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10260"
}
]
},
"solution": [
{
"lang": "en",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10260",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
"assignerShortName": "trellix",
"cveId": "CVE-2018-6705",
"datePublished": "2018-12-12T20:00:00",
"dateReserved": "2018-02-06T00:00:00",
"dateUpdated": "2024-08-05T06:10:11.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}