lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 30 Aug 2012 16:01:47 +0300
From: SEC Consult Vulnerability Lab <>
To: <>
Subject: SEC Consult 20120829-0 :: Symantec Messaging
	Gateway - Support Backdoor

SEC Consult Vulnerability Lab Security Advisory < 20120829-0 >
              title: Support Backdoor
            product: Symantec Messaging Gateway
 vulnerable version: 9.5.x
      fixed version: 10.0
         CVE number: CVE-2012-3579
             impact: Critical
              found: 2012-06-26
                 by: S. Viehböck
                     SEC Consult Vulnerability Lab

Vendor/product description:
"Symantec Messaging Gateway powered by Brightmail, delivers inbound and outbound
messaging security, with effective and accurate real-time antispam and antivirus
protection, advanced content filtering, data loss prevention, and email
encryption. Messaging Gateway is simple to administer and catches more than 99%
of spam with less than one in a million false positives. Defend your email
perimeter, and quickly respond to new messaging threats with this market leading
messaging security solution."


Vulnerability overview/description:
By default the 'support' user is enabled and uses an insecure password. This
user is not visible in the web interface and therefore cannot be disabled.
As the appliance provides a SSH daemon on all interfaces, this account can be
used to gain remote shell access on the device.

Proof of concept:
Connect to the appliance via SSH with the following credentials:

Vulnerable / tested versions:
The vulnerability has been verified to exist in the Symantec Mail Gateway version
9.5.4-4, which was the most recent version at the time of discovery.

Vendor contact timeline:
2012-07-11: Contacting vendor through
2012-07-11: Vendor response - will forward it to product team for validation
2012-07-25: Update to SMG is being finalized, release date will be coordinated
2012-08-27: Vendor releases advisory and new version.
2012-08-29: SEC Consult releases security advisory

Update to the latest release of Symantec Messaging Gateway 10.0.

More information can be found at:

Restrict SSH access to the Symantec Mail Gateway or change the password of
the 'support' user.

Advisory URL:

SEC Consult Unternehmensberatung GmbH

Office Vienna
Mooslackengasse 17
A-1190 Vienna

Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com

EOF S. Viehböck / @2012

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists