[SingCERT] Symantec Message Filter Security Issues
- Published on Thursday, 28 June 2012 15:37
[ Summary ]
Symantec has released fixes for Symantec’s Message Filter management interface, the Brightmail Control Center. It is susceptible to a number of security concerns resulting from improper input validation and authentication. Vulnerability severity was rated high for session fixation and cross-site request forgery.
An attacker who is able to leverage access to the network could potentially hijack the session of an authorised user’s session by capturing and reusing the user’s authorised session identifier. If successful, it allows the attacker to modify or disable the application.
Successful exploitation of the cross-site request forgery could potentially allow the attacker to execute arbitrary commands on the application such as creating an unauthorized backdoor access by creating an unauthorized admin account for the application.
[ Affected Products ]
Symantec Message Filter Version 6.3
[ Impact Analysis ]
Successful exploitation will result in the following:
· Unauthorised privileged access to the application
· Execution of unauthorised scripts in the context of the targeted user’s browser
· Disclose of application versioning information that could potentially be leveraged in further exploitation attempts.
[ Solution/Workaround ]
Updates are available. Please refer to the advisory provided by Symantec.
[ Reference ]