McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities
BID:39242
Info
| Bugtraq ID: | 39242 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 06 2010 12:00AM |
| Updated: | Apr 06 2010 12:00AM |
| Credit: | Nahuel Grisolia of CYBSEC |
| Vulnerable: | McAfee Email Gateway 6.7.1 |
| Not Vulnerable: | McAfee Email Gateway 7.5.1, McAfee Email Gateway 7.0.4 |
Discussion
McAfee Email Gateway (formerly IronMail) is prone to multiple vulnerabilities, including:
- A local privilege-escalation vulnerability
- A denial-of-service vulnerability
- Multiple cross-site scripting vulnerabilities
- An information-disclosure vulnerability
An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.
Versions prior to McAfee Email Gateway 6.7.2 Hotfix 2 are vulnerable.
Exploit / POC
The following proofs of concept are available:
Solution / Fix
Solution:
Vendor updates are available. Please see the references for more information.
References
References:
- CYBSEC Advisory#2010-0401 Denial of Service in McAfee Email Gateway (formerly I (CYBSEC)
- CYBSEC Advisory#2010-0402 Multiple Reflected Cross-Site Scripting (XSS) in McAf (CYBSEC)
- CYBSEC Advisory#2010-0403 Internal Information Disclosure in McAfee Email Gatew (CYBSEC)
- CYBSEC Advisory#2010-0404 Local Privilege Escalation in McAfee Email Gateway (f (CYBSEC)
- McAfee Security Bulletin - McAfee Email Gateway update fixes four issues (McAfee)