Lucene search

K

SAINT CorporationSAINT:F85A04D342773B35F14A0A2777F6D29C

HistoryAug 24, 2012 - 12:00 a.m.

Symantec Web Gateway pbcontrol.php Command Injection

2012-08-2400:00:00

SAINT Corporation

my.saintcorporation.com

12

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.5%

Added: 08/24/2012
CVE: CVE-2012-2953
BID: 54426
OSVDB: 84120

Background

Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.

Problem

Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to spywall/pbcontrol.php failing to properly sanitize input passed via the filename parameter. This may allow a remote attacker to execute arbitrary shell commands.

Resolution

Upgrade to Symantec Web Gateway 5.0.3.18 or later with the Database Update 5.0.0.438 or later.

References

[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20120720_00
>)

Limitations

This exploit was tested against Symantec Web Gateway 5.0.0.216 on Fedora Project Fedora Core 3 with Exec-Shield Enabled.

Platforms

Linux

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.959 High

EPSS

Percentile

99.5%

Related for SAINT:F85A04D342773B35F14A0A2777F6D29C

nvd1 saint3 prion1 dsquare1 packetstorm1 openvas2 cvelist1 cve1 checkpoint_advisories1 cert1 symantec1