Rewterz

Rewterz Threat Advisory – CVE-2021-3744 – Linux Kernel Vulnerability

September 15, 2021
Rewterz

Rewterz Threat Alert – FormBook Malware – Active IOCs

September 15, 2021

Rewterz Threat Advisory – Multiple McAfee (DLP) Endpoint Windows and DLP Discover Security Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-31844

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a local attacker to execute arbitrary code with elevated privileges by placing carefully constructed Ami Pro (.sam) files onto the local system and triggering a DLP Endpoint scan through accessing a file. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

CVE-2021-31845


A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Impact

  • Buffer Copy without Checking Size of Input.

Affected Vendors

McAfee

Affected Products

  • Data Loss Prevention Prior to 11.6.200
  • DLP Discover Prior to 11.6.100

Remediation

Customers using DLP Endpoint for Windows should update to 11.6.200 or later.
Customers using DLP Discover should update to 11.6.100 or later.
For complete support visit the McAfee website.

https://kc.mcafee.com/corporate/index?page=content&id=SB10368

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.