cnvd - cnvd-2021-99297

CNVD-2021-99297

Vulnerability from cnvd - Published: 2021-12-13

Title

McAfee Data Loss Prevention Discover缓冲区溢出漏洞

Description

McAfee Data Loss Prevention Discover (McAfee DLP Discover)可帮助您定位和分类敏感数据，了解其使用方式并对其进行保护。 McAfee Data Loss Prevention Discover 11.6.100之前版本存在缓冲区溢出漏洞。该漏洞源于目标缓冲区为固定大小且对源大小的检查不正确。攻击者可通过将特制Ami Pro (.sam)文件置于机器中并让DLP Discover进行扫描，从而可利用该漏洞执行任意代码。

Severity

中

Patch Name

McAfee Data Loss Prevention Discover缓冲区溢出漏洞的补丁

Patch Description

McAfee Data Loss Prevention Discover (McAfee DLP Discover)可帮助您定位和分类敏感数据，了解其使用方式并对其进行保护。攻击者可通过将特制Ami Pro (.sam)文件置于机器中并让DLP Discover进行扫描，从而可利用该漏洞执行任意代码。 McAfee Data Loss Prevention Discover 11.6.100之前版本存在缓冲区溢出漏洞。该漏洞源于目标缓冲区为固定大小且对源大小的检查不正确。攻击者可通过将特制Ami Pro (.sam)文件置于机器中并让DLP Discover进行扫描，从而可利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://kc.mcafee.com/corporate/index?page=content&id=SB10368

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-31845

Impacted products

Name
Mcafee Data Loss Prevention Discover <11.6.100

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-31845",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-31845"
    }
  },
  "description": "McAfee Data Loss Prevention Discover (McAfee DLP Discover)\u53ef\u5e2e\u52a9\u60a8\u5b9a\u4f4d\u548c\u5206\u7c7b\u654f\u611f\u6570\u636e\uff0c\u4e86\u89e3\u5176\u4f7f\u7528\u65b9\u5f0f\u5e76\u5bf9\u5176\u8fdb\u884c\u4fdd\u62a4\u3002\n\nMcAfee Data Loss Prevention Discover 11.6.100\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u76ee\u6807\u7f13\u51b2\u533a\u4e3a\u56fa\u5b9a\u5927\u5c0f\u4e14\u5bf9\u6e90\u5927\u5c0f\u7684\u68c0\u67e5\u4e0d\u6b63\u786e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236Ami Pro (.sam)\u6587\u4ef6\u7f6e\u4e8e\u673a\u5668\u4e2d\u5e76\u8ba9DLP Discover\u8fdb\u884c\u626b\u63cf\uff0c\u4ece\u800c\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10368",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-99297",
  "openTime": "2021-12-13",
  "patchDescription": "McAfee Data Loss Prevention Discover (McAfee DLP Discover)\u53ef\u5e2e\u52a9\u60a8\u5b9a\u4f4d\u548c\u5206\u7c7b\u654f\u611f\u6570\u636e\uff0c\u4e86\u89e3\u5176\u4f7f\u7528\u65b9\u5f0f\u5e76\u5bf9\u5176\u8fdb\u884c\u4fdd\u62a4\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236Ami Pro (.sam)\u6587\u4ef6\u7f6e\u4e8e\u673a\u5668\u4e2d\u5e76\u8ba9DLP Discover\u8fdb\u884c\u626b\u63cf\uff0c\u4ece\u800c\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nMcAfee Data Loss Prevention Discover 11.6.100\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u76ee\u6807\u7f13\u51b2\u533a\u4e3a\u56fa\u5b9a\u5927\u5c0f\u4e14\u5bf9\u6e90\u5927\u5c0f\u7684\u68c0\u67e5\u4e0d\u6b63\u786e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236Ami Pro (.sam)\u6587\u4ef6\u7f6e\u4e8e\u673a\u5668\u4e2d\u5e76\u8ba9DLP Discover\u8fdb\u884c\u626b\u63cf\uff0c\u4ece\u800c\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "McAfee Data Loss Prevention Discover\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Mcafee Data Loss Prevention Discover \u003c11.6.100"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-31845",
  "serverity": "\u4e2d",
  "submitTime": "2021-09-18",
  "title": "McAfee Data Loss Prevention Discover\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2021-31845 (GCVE-0-2021-31845)

Vulnerability from cvelistv5 – Published: 2021-09-17 13:45 – Updated: 2024-08-03 23:10

Title

Remote Code Execution in McAfee DLP Discover

Summary

A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input

Assigner

trellix

References

URL

Tags

https://kc.mcafee.com/corporate/index?page=conten…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	McAfee,LLC	McAfee Data Loss Prevention (DLP) Discover	Affected: unspecified , < 10.6.100 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:10:30.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10368"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "McAfee Data Loss Prevention (DLP) Discover",
          "vendor": "McAfee,LLC",
          "versions": [
            {
              "lessThan": "10.6.100",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120: Buffer Copy without Checking Size of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-17T13:45:12",
        "orgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
        "shortName": "trellix"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10368"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution in McAfee DLP Discover",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@mcafee.com",
          "ID": "CVE-2021-31845",
          "STATE": "PUBLIC",
          "TITLE": "Remote Code Execution in McAfee DLP Discover"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "McAfee Data Loss Prevention (DLP) Discover",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "10.6.100"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "McAfee,LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120: Buffer Copy without Checking Size of Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10368",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10368"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "01626437-bf8f-4d1c-912a-893b5eb04808",
    "assignerShortName": "trellix",
    "cveId": "CVE-2021-31845",
    "datePublished": "2021-09-17T13:45:12",
    "dateReserved": "2021-04-27T00:00:00",
    "dateUpdated": "2024-08-03T23:10:30.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-99297

CVE-2021-31845 (GCVE-0-2021-31845)

Tags

Sightings

Nomenclature