Sign-up

ID

VAR-200904-0218


CVE

CVE-2009-0064


TITLE

Symantec Brightmail Gateway Appliance of Control Center Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2009-005735

DESCRIPTION

Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions. Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability. Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks. Versions prior to Brightmail Gateway 8.0.1 are vulnerable. Brightmail Gateway is Symantec's information security management platform. ---------------------------------------------------------------------- Secunia is pleased to announce the release of the annual Secunia report for 2008. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Request the full 2008 Report here: http://secunia.com/advisories/try_vi/request_2008_report/ Stay Secure, Secunia ---------------------------------------------------------------------- TITLE: Symantec Brightmail Gateway Control Center Multiple Vulnerabilities SECUNIA ADVISORY ID: SA34885 VERIFY ADVISORY: http://secunia.com/advisories/34885/ DESCRIPTION: Some vulnerabilities have been reported in Symantec Brightmail Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks and by malicious users to bypass certain security restrictions. 1) Certain unspecified input passed to the Control Center is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to version 8.0.1 or later. PROVIDED AND/OR DISCOVERED BY: Marian Ventuneac, Perot Systems ORIGINAL ADVISORY: SYM09-005: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2009-0064 // JVNDB: JVNDB-2009-005735 // BID: 34639 // VULHUB: VHN-37510 // PACKETSTORM: 76979

AFFECTED PRODUCTS

vendor:symantecmodel:brightmail gateway appliancescope:eqversion:7.5

Trust: 1.6

vendor:symantecmodel:brightmail gateway appliancescope:eqversion:7.6

Trust: 1.6

vendor:symantecmodel:brightmail gateway appliancescope:eqversion:7.7

Trust: 1.6

vendor:symantecmodel:brightmail gateway appliancescope:lteversion:8.0

Trust: 1.0

vendor:symantecmodel:brightmail gateway appliancescope:ltversion:8.0.1

Trust: 0.8

vendor:symantecmodel:brightmail gateway appliancescope:eqversion:8.0

Trust: 0.6

vendor:symantecmodel:mail security series appliancescope:eqversion:83000

Trust: 0.3

vendor:symantecmodel:mail security series appliancescope:eqversion:8200

Trust: 0.3

vendor:symantecmodel:brightmail gateway series appliancescope:eqversion:83000

Trust: 0.3

vendor:symantecmodel:brightmail appliancescope:eqversion:8.0

Trust: 0.3

vendor:symantecmodel:brightmail appliancescope:eqversion:5.0

Trust: 0.3

vendor:symantecmodel:brightmail appliancescope:neversion:8.0.1

Trust: 0.3

sources: BID: 34639 // JVNDB: JVNDB-2009-005735 // CNNVD: CNNVD-200904-468 // NVD: CVE-2009-0064

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0064
value: HIGH

Trust: 1.0

NVD: CVE-2009-0064
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200904-468
value: CRITICAL

Trust: 0.6

VULHUB: VHN-37510
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0064
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37510
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37510 // JVNDB: JVNDB-2009-005735 // CNNVD: CNNVD-200904-468 // NVD: CVE-2009-0064

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-0064

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200904-468

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200904-468

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-005735

PATCH
title:SYM09-005url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-005735

EXTERNAL IDS
db:NVDid:CVE-2009-0064
Trust: 2.8
db:BIDid:34639
Trust: 2.0
db:SECUNIAid:34885
Trust: 1.8
db:VUPENid:ADV-2009-1155
Trust: 1.7
db:SECTRACKid:1022117
Trust: 1.7
db:OSVDBid:53945
Trust: 1.7
db:JVNDBid:JVNDB-2009-005735
Trust: 0.8
db:XFid:50075
Trust: 0.6
db:CNNVDid:CNNVD-200904-468
Trust: 0.6
db:VULHUBid:VHN-37510
Trust: 0.1
db:PACKETSTORMid:76979
Trust: 0.1
sources:
            
            
            VULHUB: VHN-37510 // 
            
            
            
            BID: 34639 // 
            
            
            
            JVNDB: JVNDB-2009-005735 // 
            
            
            
            PACKETSTORM: 76979 // 
            
            
            
            CNNVD: CNNVD-200904-468 // 
            
            
            
            NVD: CVE-2009-0064

REFERENCES
url:http://www.securityfocus.com/bid/34639
Trust: 1.7
url:http://osvdb.org/53945
Trust: 1.7
url:http://securitytracker.com/id?1022117
Trust: 1.7
url:http://secunia.com/advisories/34885
Trust: 1.7
url:http://www.vupen.com/english/advisories/2009/1155
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/50075
Trust: 1.1
url:http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
Trust: 1.0
url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0064
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0064
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/50075
Trust: 0.6
url:http://www.brightmail.com/
Trust: 0.3
url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
Trust: 0.1
url:http://secunia.com/advisories/try_vi/request_2008_report/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/34885/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-37510 // 
            
            
            
            BID: 34639 // 
            
            
            
            JVNDB: JVNDB-2009-005735 // 
            
            
            
            PACKETSTORM: 76979 // 
            
            
            
            CNNVD: CNNVD-200904-468 // 
            
            
            
            NVD: CVE-2009-0064

CREDITS
Marian Ventuneac   marian.ventuneac@ul.ie
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200904-468

SOURCES
db:VULHUBid:VHN-37510
db:BIDid:34639
db:JVNDBid:JVNDB-2009-005735
db:PACKETSTORMid:76979
db:CNNVDid:CNNVD-200904-468
db:NVDid:CVE-2009-0064

LAST UPDATE DATE
2025-04-10T23:05:09.972000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-37510date:2017-08-08T00:00:00
db:BIDid:34639date:2009-04-30T18:46:00
db:JVNDBid:JVNDB-2009-005735date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200904-468date:2009-04-30T00:00:00
db:NVDid:CVE-2009-0064date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-37510date:2009-04-24T00:00:00
db:BIDid:34639date:2009-04-23T00:00:00
db:JVNDBid:JVNDB-2009-005735date:2012-12-20T00:00:00
db:PACKETSTORMid:76979date:2009-04-27T15:17:12
db:CNNVDid:CNNVD-200904-468date:2009-04-24T00:00:00
db:NVDid:CVE-2009-0064date:2009-04-24T15:30:00.203