Details of VAR-201212-0025

ID

VAR-201212-0025

CVE

CVE-2012-4347

TITLE

Symantec Messaging Gateway Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2012-005666

DESCRIPTION

Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do. (1) brightmail/export of .. An attacker can exploit these issues to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks. Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. By (1) adding .. to the localBackupFileSelection parameter in the APPLIANCE restoreSource operation and sending it to brightmail/admin/restore/download.do, remote attackers use The vulnerability reads arbitrary files

Trust: 1.98

sources: NVD: CVE-2012-4347 // JVNDB: JVNDB-2012-005666 // BID: 56789 // VULHUB: VHN-57628

AFFECTED PRODUCTS

vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.1	Trust: 1.9
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5	Trust: 1.9
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.2	Trust: 1.6
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.3	Trust: 1.6
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.4	Trust: 1.6
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5 and 9.5.1	Trust: 0.8
vendor:	symantec	model:	messaging gateway	scope:	eq	version:	9.5.3-3	Trust: 0.3

sources: BID: 56789 // JVNDB: JVNDB-2012-005666 // CNNVD: CNNVD-201212-068 // NVD: CVE-2012-4347

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4347
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-4347
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201212-068
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-57628
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-4347
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-57628
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-57628 // JVNDB: JVNDB-2012-005666 // CNNVD: CNNVD-201212-068 // NVD: CVE-2012-4347

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-57628 // JVNDB: JVNDB-2012-005666 // NVD: CVE-2012-4347

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-068

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201212-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005666

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-57628

PATCH

title:

Symantec Messaging Gateway powered by Brightmail

url:

http://www.cybernet.co.jp/symantec/products/msg/smg.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-005666

EXTERNAL IDS

db:	NVD	id:	CVE-2012-4347	Trust: 2.8
db:	BID	id:	56789	Trust: 2.0
db:	JVNDB	id:	JVNDB-2012-005666	Trust: 0.8
db:	CNNVD	id:	CNNVD-201212-068	Trust: 0.7
db:	EXPLOIT-DB	id:	23110	Trust: 0.1
db:	SEEBUG	id:	SSVID-76888	Trust: 0.1
db:	VULHUB	id:	VHN-57628	Trust: 0.1

sources: VULHUB: VHN-57628 // BID: 56789 // JVNDB: JVNDB-2012-005666 // CNNVD: CNNVD-201212-068 // NVD: CVE-2012-4347

REFERENCES

url:	http://www.securityfocus.com/bid/56789	Trust: 1.7
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00	Trust: 1.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4347	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4347	Trust: 0.8
url:	http://www.symantec.com/messaging-gateway	Trust: 0.3
url:	http://www.nccgroup.com/en/learning-research-centre/security-testing-audit-compliance-resources/technical-advisories/symantec-messaging-gateway-arbitrary-file-download-is-possible-with-a-crafted-url/#	Trust: 0.3
url:	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00	Trust: 0.1

sources: VULHUB: VHN-57628 // BID: 56789 // JVNDB: JVNDB-2012-005666 // CNNVD: CNNVD-201212-068 // NVD: CVE-2012-4347

CREDITS

Ben Williams

Trust: 0.3

sources: BID: 56789

SOURCES

db:	VULHUB	id:	VHN-57628
db:	BID	id:	56789
db:	JVNDB	id:	JVNDB-2012-005666
db:	CNNVD	id:	CNNVD-201212-068
db:	NVD	id:	CVE-2012-4347

LAST UPDATE DATE

2024-11-23T22:53:29.877000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-57628	date:	2013-10-11T00:00:00
db:	BID	id:	56789	date:	2012-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-005666	date:	2012-12-06T00:00:00
db:	CNNVD	id:	CNNVD-201212-068	date:	2012-12-07T00:00:00
db:	NVD	id:	CVE-2012-4347	date:	2024-11-21T01:42:43.280

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-57628	date:	2012-12-05T00:00:00
db:	BID	id:	56789	date:	2012-12-01T00:00:00
db:	JVNDB	id:	JVNDB-2012-005666	date:	2012-12-06T00:00:00
db:	CNNVD	id:	CNNVD-201212-068	date:	2012-12-07T00:00:00
db:	NVD	id:	CVE-2012-4347	date:	2012-12-05T11:57:14.850