McAfee NSM cross-site scripting and security bypass vulnerabilities
Number: AV09-046
Date: 13 November 2009
Purpose
The purpose of this advisory is to bring attention to important vulnerabilities in McAfee Networking Security Manager (formerly Intrushield Security Management) versions 5.1.7.7 and earlier.
Assessment
Networking Security Manager (NSM) is susceptible to cross-site scripting (XSS) due to improper validation of user input in the Login.jsp script. In one scenario, a link is sent to an NSM user or administrator. The user clicks on the link, and JavaScript is executed in the browser context of the NSM administrator. It is expected that the system on which the NSM is managed is deployed within a separate zone, and is therefore minimally exposed.
The security bypass vulnerability describes a condition where the NSM does not make use of the HttpOnly cookie flag, thereby exposing it to HTTP session cookie hijacking. When a cookie is HttpOnly, the web browser should not allow client-side scripts, such as JavaScript, to have access to the cookie. This mitigates the effects of XSS methods of exploitation.
The vendor has fixed the XSS issue with versions 5.1.11.6 and above.
The vendor has fixed the security bypass issue with versions 5.1.11.8.1 and above.
CVE:
CVE-2009-3565
CVE-2009-3566
Suggested action
CCIRC recommends that administrators test and deploy these updates according to their Release Management practices, as appropriate, at the earliest opportunity.
References:
https://kc.mcafee.com/corporate/index?page=content&id=SB10004
https://kc.mcafee.com/corporate/index?page=content&id=SB10005
http://www.vupen.com/english/advisories/2009/3226
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca