Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)

high Nessus Plugin ID 62010

Synopsis

A messaging security application running on the remote host has multiple vulnerabilities.

Description

According to its self-reported version number, the version of Symantec Messaging Gateway running on the remote host is 9.5.x and has the following vulnerabilities:

- Multiple XSS vulnerabilities exist. (CVE-2012-0307)

- Sensitive functions lack both password protection and CSRF protection, which could be abused through CSRF attacks, for example, to add a backdoor administrator account. (CVE-2012-0308)

- The 'support' account with SSH access is secured with the password 'symantec'. (CVE-2012-3579)

- An unspecified web application modification issue exists. (CVE-2012-3580)

- An unspecified flaw may allow a remote attacker to gain access to potentially sensitive component version information. (CVE-2012-3581)

- An authenticated user is able to download arbitrary files with the permissions of the web server user using specially crafted GET requests, such as using the 'logFile' parameter of 'brightmail/export', the 'localBackupFileSelection' parameter of 'brightmail/admin/restore/download.do', and possibly others. (CVE-2012-4347)

Solution

Upgrade to Symantec Messaging Gateway 10.0 or later.

See Also

http://www.nessus.org/u?97079438

https://www.securityfocus.com/archive/1/524191/30/0/threaded

https://www.securityfocus.com/archive/1/524192/30/0/threaded

https://www.securityfocus.com/archive/1/524193/30/0/threaded

https://www.securityfocus.com/archive/1/524876/30/0/threaded

https://www.securityfocus.com/archive/1/524877/30/0/threaded

https://www.securityfocus.com/archive/1/524878/30/0/threaded

https://www.securityfocus.com/archive/1/524879/30/0/threaded

http://www.nessus.org/u?9fb213da

Plugin Details

Severity: High

ID: 62010

File Name: symantec_messaging_gateway_sym12-013.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 9/7/2012

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-3579

Vulnerability Information

CPE: cpe:/a:symantec:messaging_gateway

Required KB Items: www/sym_msg_gateway

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 8/27/2012

Vulnerability Publication Date: 8/27/2012

Exploitable With

Core Impact

Metasploit (Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability)

Elliot (Symantec Messaging Gateway 9.5.3 File Disclosure)

Reference Information

CVE: CVE-2012-0307, CVE-2012-0308, CVE-2012-3579, CVE-2012-3580, CVE-2012-3581, CVE-2012-4347

BID: 55137, 55138, 55141, 55142, 55143, 56789

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990