Symantec Messaging Gateway Multiple Flaws Let Remote Users Access and Modify the System
Several vulnerabilities were reported in Symantec Messaging Gateway.
Symantec was notified of several security issues affecting the Symantec Messaging Gateway management console. Affected versions of Symantec Messaging Gateway may be susceptible to the following issues:
- Multiple XSS issues resulting from insufficient validation/sanitization of external web content or of incoming malicious email content.
- A CSRF issue that, if successfully exploited, could potentially allow unauthorized administrative access.
- An SSH account with a default password that an unprivileged user could potentially leverage to attempt to gain additional privileges.
- The capability to potentially modify the underlying web application with elevated privileges once an attacker has gained initial access to the Symantec Messaging Gateway management interface.
- The affected applications disclose excessive component version information to an attacker performing reconnaissance, which could potentially be leveraged in later unauthorized access attempts.
In a normal installation, neither the Symantec Messaging Gateway appliance management interface nor the system hosting the software would be reachable from outside the network environment, nor would either be used to browse external web sites. These restrictions reduce exposure to the majority of these issues from external sources. However, an authorized but unprivileged network user, or an external attacker who is able to obtain network access or to entice an authorized user into visiting a malicious URL, could attempt to exploit these issues.
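The CSRF issue above works through exactly the "entice an authorized user to access a malicious URL" vector: the victim's browser attaches the console session cookie to a form post that a malicious page submits, so a handler that trusts the cookie alone performs an administrative action the victim never intended. The following Python is an added illustration of that class of flaw and its standard fix, not Symantec Messaging Gateway code; the console origin, the `sid` cookie, the `/admin/users` path and the in-memory session and admin stores are all assumptions constructed for the example. It puts the cookie-only handler beside a hardened one that requires a per-session token, compared in constant time, plus an Origin/Referer check, and replays a forged and a legitimate request against both.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed illustration of the CSRF class named in the advisory. CONSOLE_ORIGIN,
# the "sid" cookie, the session/admin stores and the /admin/users path are
# assumptions for this example, not Symantec Messaging Gateway endpoints.
CONSOLE_ORIGIN = "https://smg-console.example.internal"


@dataclass
class Session:
    user: str
    is_admin: bool
    # Random per-session token that the console embeds in every state-changing form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str]
    form: Dict[str, str]
    headers: Dict[str, str]


SESSIONS: Dict[str, Session] = {}   # session cookie value -> Session
ADMINS: Set[str] = set()            # stand-in for the console's admin table


def login(user: str, is_admin: bool) -> str:
    """Create a session and return the cookie value the browser would store."""
    cookie = secrets.token_urlsafe(16)
    SESSIONS[cookie] = Session(user, is_admin)
    return cookie


def current_session(req: Request) -> Optional[Session]:
    return SESSIONS.get(req.cookies.get("sid", ""))


def vulnerable_add_admin(req: Request) -> bool:
    """Vulnerable pattern: authorizes on the session cookie alone. A cross-site
    form post carries the victim's cookie automatically, so the check passes for
    a request the victim never meant to make."""
    sess = current_session(req)
    if sess is None or not sess.is_admin:
        return False
    ADMINS.add(req.form["username"])
    return True


def csrf_ok(sess: Session, req: Request) -> bool:
    """Hardened check for a state-changing handler: reject safe methods (state
    changes via GET are themselves a CSRF hole), require the request to come
    from the console's own origin, and require the per-session token."""
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return False
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if origin != CONSOLE_ORIGIN and not origin.startswith(CONSOLE_ORIGIN + "/"):
        return False  # missing or foreign origin is rejected
    submitted = req.form.get("csrf_token", "")
    # Constant-time compare on bytes so a non-ASCII token cannot raise TypeError.
    return hmac.compare_digest(submitted.encode(), sess.csrf_token.encode())


def hardened_add_admin(req: Request) -> bool:
    sess = current_session(req)
    if sess is None or not sess.is_admin or not csrf_ok(sess, req):
        return False
    ADMINS.add(req.form["username"])
    return True


def demo() -> Dict[str, bool]:
    """Replay the advisory's scenario: an administrator is logged in, then
    visits a malicious page that auto-submits a form to the console."""
    ADMINS.clear()
    cookie = login("admin", is_admin=True)
    sess = SESSIONS[cookie]
    # Forged request: the browser attaches the cookie, but the attacker's page
    # cannot read the per-session token and its Origin is its own site.
    forged = Request("POST", "/admin/users", cookies={"sid": cookie},
                     form={"username": "backdoor"},
                     headers={"Origin": "https://evil.example"})
    # Legitimate request submitted from the console's own form.
    legit = Request("POST", "/admin/users", cookies={"sid": cookie},
                    form={"username": "newadmin", "csrf_token": sess.csrf_token},
                    headers={"Origin": CONSOLE_ORIGIN})
    return {
        "vulnerable_accepts_forged": vulnerable_add_admin(forged),
        "hardened_accepts_forged": hardened_add_admin(forged),
        "hardened_accepts_legit": hardened_add_admin(legit),
    }


if __name__ == "__main__":
    print(demo())
```

The token check alone defeats a cross-site form post; the Origin/Referer check is defence in depth for cases where a token leaks or is reflected. Both checks belong on every request that changes state, which is why `csrf_ok` also refuses GET for this handler.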
A remote user can gain access to the target system.
A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Symantec Messaging Gateway software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can obtain potentially sensitive version information.
A remote authenticated user can modify the application.
The vendor has issued a fix (version 10.0).