McAfee Email Gateway (formerly IronMail) – Denial of Service

• Exploit Database
• 13 阅读

• 作者： Nahuel Grisolia
  日期： 2010-04-06
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/12093/

• Advisory Name: Denial of Service in McAfee Email Gateway (formerly IronMail)
  Vulnerability Class: Denial of Service
  Release Date: Tue Apr 6, 2010
  Affected Applications: Secure Mail (Ironmail) ver.6.7.1
  Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
  Local / Remote: Local
  Severity: Medium – CVSS: 4.6 (AV:L/AC:L/Au:S/C:N/I:N/A:C)
  Researcher: Nahuel Grisolía
  
  Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
  Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
  
  Vulnerability Description:
  Users inside the CLI can run some kind of “Fork Bomb” in order to saturate system resources because
  of an insecure ulimit value.
  
  Download:
  https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12093.pdf (cybsec_advisory_2010_0401.pdf)