Vulnerabilities > CVE-2009-0064 - Remote Privilege Escalation vulnerability in Symantec Brightmail Gateway Appliance 7.5/7.6/7.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 4 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 34641,34639 CVE(CAN) ID: CVE-2009-0063,CVE-2009-0064 Brightmail Gateway是赛门铁克的信息安全管理平台。 Brightmail Gateway设备的WEB管理控制台Brightmail安全中心没有正确地过滤外部客户端输入,远程攻击者可以通过提交恶意请求执行跨站脚本攻击;此外某些控制台函数还可能允许非特权的控制中心用户获得提升的权限。 Symantec Brightmail Gateway 8.0 Symantec Brightmail Gateway 5.0 Symantec -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=https://fileconnect.symantec.com/LangSelection.jsp target=_blank rel=external nofollow>https://fileconnect.symantec.com/LangSelection.jsp</a> |
| id | SSV:5108 |
| last seen | 2017-11-19 |
| modified | 2009-04-25 |
| published | 2009-04-25 |
| reporter | Root |
| title | Symantec Brightmail Gateway控制中心跨站脚本和权限提升漏洞 |
References
- http://osvdb.org/53945
- http://secunia.com/advisories/34885
- http://securitytracker.com/id?1022117
- http://www.securityfocus.com/bid/34639
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
- http://www.vupen.com/english/advisories/2009/1155
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50075