Jump to content
osirium

Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE

By osirium, in Exploituri

Recommended Posts

osirium Newbie

osirium

Posted
Posted

CVE-2017-6327: Symantec Messaging Gateway <= 10.6.3-2 unauthenticated root RCE

"

This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as root.

Symantec Messaging Gateway, formerly known as Brightmail, is a linux-based anti-spam/security product for e-mail servers. It is deployed as a physical device or with ESX in close proximity to the servers it is designed to protect.

"

 

PS. The advisory says something regards a fully automated python file which can be used to p0wn vulnerable targets but probably won't be released for well-understood reasons. 

 

Source: http://seclists.org/fulldisclosure/2017/Aug/28

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...