PineApp Mail-SeCure confnetworking.html nsserver command execution

ID: SAINT:2FCC440839CA7F51213AF1F730F4645D
Publisher: SAINT Corporation
Source: download.saintcorporation.com
Published: 2013-11-25 00:00:00

CVSS2: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score: 7.5
Confidence: Low
EPSS: 0.004
Percentile: 75.1%

Added: 11/25/2013
CVE: CVE-2013-6830
BID: 63817
OSVDB: 100029

Background

PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer’s network, as well as post-perimeter anti-spam content inspection.

Problem

A vulnerability in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands contained in the **nsserver** parameter in a request for the **confnetworking.html** script.

Resolution

Restrict access to ports 7080 and 7443.
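
The following log review is an added example, not SAINT's or PineApp's code. It flags requests for confnetworking.html that arrive from outside a management network or carry an nsserver value that is not a plain address or hostname. Assumptions: the web server writes common/combined-format access logs, the parameter appears in the logged request URI (request bodies are not logged), and the management range 10.10.0.0/24 is a placeholder.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts allowed to reach ports 7080/7443 (placeholder range).
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")
# Hostname syntax: dot-separated labels of letters, digits and hyphens.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$")
# Common/combined log format: client ident user [time] "METHOD URI PROTO" status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def in_mgmt(client):
    """True if the logged client address lies inside MGMT_NET."""
    try:
        return ipaddress.ip_address(client) in MGMT_NET
    except ValueError:
        return False  # logged client is not an IP literal

def is_plain_server(value):
    """True if value is an IP literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return bool(HOSTNAME.match(value))

def review(lines):
    """Return (client, reason) findings for requests to confnetworking.html."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, _method, uri, _status = m.groups()
        parts = urlsplit(uri)
        if not parts.path.endswith("confnetworking.html"):
            continue
        if not in_mgmt(client):
            findings.append((client, "outside management network"))
        for value in parse_qs(parts.query, keep_blank_values=True).get("nsserver", []):
            if not is_plain_server(value):  # allowlist check on the decoded value
                findings.append((client, "nsserver is not an address or hostname"))
    return findings

# Constructed sample lines, not taken from a real appliance.
SAMPLE = [
    '10.10.0.5 - - [25/Nov/2013:09:00:01 +0000] "GET /confnetworking.html?nsserver=10.10.0.53 HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Nov/2013:09:02:13 +0000] "GET /confnetworking.html?nsserver=10.10.0.53%3Becho%20test HTTP/1.1" 200 512',
    '10.10.0.5 - - [25/Nov/2013:09:05:40 +0000] "GET /index.html HTTP/1.1" 200 128',
]
```

Any "outside management network" finding means the port restriction above is not yet in effect for that path.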

References

http://www.exploit-db.com/exploits/29734/

Limitations

Exploit requires wget to be installed on the target system.

Platforms

Linux
