4

On a recent scan using McAfee Foundstone Enterprise (newer versions are known as McAfee Vulnerability Manager), I ran into a "No Translation Available" error.

It's rather frustrating that these errors leave me without any specific description or resolution details on the vulnerability. But I find the most aggravating part is that it even leaves out the CVE IDs. The only identifying information I'm left with is a "Risk Rating" and "Vulnerability ID", both of which seem to be proprietary to McAfee.

Searching online has led me to practically nowhere, except for a couple of un-helpful McAfee KnowledgeBase entries. What the KB entries tell me is that, while this is occasionally a legitimate problem on the system which can be troubleshot and resolved, the issue is more often due to the way McAfee sends out updates. Apparently, the language packs are regularly released a week or two later than the content to which it applies. So, during that gap, the Foundstone scanner knows how to check for a vulnerability but doesn't know how to tell you about it.

Is there a website somewhere that I can use to look up these Vulnerability IDs, and find a corresponding CVE ID? Google has been no help, and I haven't found anywhere on McAfee's site yet that works either.

One particular example that came up recently was Vulnerability ID 11900, around 1900 EDT on 4/21/2011.

Iszi
  • 26,997
  • 18
  • 98
  • 163
  • An example vulnerability ID and timestamp would be helpful. – nealmcb Apr 22 '11 at 02:44
  • If you say "No translation" Is it possible to find i in another language and running it true a service like google translate? To get at leas a estimate of what the issue is. – KilledKenny Apr 22 '11 at 08:34
  • @WZeberaFFS - Theoretically, that may be possible. However, I don't know where to begin looking on how to do a temporary language pack switch on this, and I don't know of a reliable way to determine which (if any) of the language packs will have the vulnerability included in its latest update. – Iszi Apr 22 '11 at 17:30
  • @nealmcb @WZeberaFFS - Added example information, if that helps. – Iszi Apr 25 '11 at 18:16

1 Answers1

2

I've often found the MVM reports are lacking when it comes to this. Especially on the plethora of 0 days that were dropped December 2010 in multiple different browsers and rendering components of Microsoft Operating systems.

This is one of those.

The process I've found that can identify most (call it 90%) of the "No Translation Available" items for Microsoft related vulnerabilities is as follows:

Step 1: Hit Mcafee labs and run a search on the Vuln ID. http://www.mcafee.com/apps/search/default.aspx?q=Vulnerability+ID+11900&searchSubmit=Go

Step 2: Hit Technet and search with the string used as the description. http://www.microsoft.com/technet/security/advisory/2501696.mspx

Step 3: Hit google with the Advisory number and hopefully there's an MS numbered patch released, if not you're likely to get a page detailing mitigation steps that can be taken.

In this case, you're lucky, and there's a patch released. http://support.microsoft.com/kb/2501696

Step 4: Call/Email your rep and give them the details above and request the vulnerability "recommendation" be updated with the information provided.

If you're looking for it in a language microsoft supports on their main page this will give you an interim solution. Though honestly CVE's are registered for almost anything, this is probably just Mcafee not doing their diligence to find it.

Ori
  • 2,757
  • 1
  • 15
  • 29
  • Thank you for the input, but for this particular one I'm not sure it really solves my problem. It does get a bit more information than just "No Translation Available" but the Description is too ambiguous to be able to definitively narrow down to any one specific vulnerability. Then again, there's not much I can do about that bit, I suppose. – Iszi Jun 03 '11 at 19:44
  • http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0096 That's the actual CVE. by taking the KB you can reference the CVE on the NVD. Unless Mcafee updates their Vulnerability ID it won't really matter for a majority of them unfortunately. – Ori Jun 04 '11 at 00:56