osirium

Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE


CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE

"

This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as root.

Symantec Messaging Gateway, formerly known as Brightmail, is a Linux-based anti-spam/security product for e-mail servers. It is deployed as a physical device or with ESX in close proximity to the servers it is designed to protect.

"

PS. The advisory says something regarding a fully automated Python file which can be used to p0wn vulnerable targets, but it probably won't be released for well-understood reasons.

Source: http://seclists.org/fulldisclosure/2017/Aug/28
