Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:A386D62F213C8453D718F76E78CD1EA3
HistoryOct 02, 2012 - 12:00 a.m.

Symantec Messaging Gateway Default SSH Password

2012-10-0200:00:00
SAINT Corporation
www.saintcorporation.com
22

EPSS

0.19

Percentile

96.3%

JSON

Added: 10/02/2012
CVE: CVE-2012-3579
BID: 55143
OSVDB: 85028

Background

Symantec Messaging Gateway is an email virus protection appliance that also provides antispam protection.

Problem

Symantec Messaging Gateway versions before 10.0 have a default password for the “support” account, which can be used to login remotely to the SSH service, and then gain privileged access.

Resolution

Upgrade to Symantec Messaging Gateway 10.0 or higher.

References

[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=2012&amp;suid=20120827_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
>)

Limitations

Exploit works against Symantec Messaging Gateway 9.5.3-3 on platform CentOS Project CentOS 5.0 with Exec-Shield Enabled.

The OpenSSH client must be installed on the SAINTexploit host.

Platforms

Linux

Related

exploitdb 1
saint 3
nvd 1
prion 1
cvelist 1
metasploit 1
cve 1
packetstorm 1
checkpoint_advisories 1
securityvulns 2
openvas 1
symantec 1
nessus 1
exploitdb
exploitdb
Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass (Metasploit)
2012-08-30 00:00:00
saint
saint
Symantec Messaging Gateway Default SSH Password
2012-10-02 00:00:00
Symantec Messaging Gateway Default SSH Password
2012-10-02 00:00:00
Symantec Messaging Gateway Default SSH Password
2012-10-02 00:00:00
nvd
nvd
CVE-2012-3579
2012-08-29 10:56:40
prion
prion
Default credentials
2012-08-29 10:56:00
cvelist
cvelist
CVE-2012-3579
2012-08-29 10:00:00
metasploit
metasploit
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
2012-09-05 18:21:10
cve
cve
CVE-2012-3579
2012-08-29 10:56:40
packetstorm
packetstorm
Symantec Messaging Gateway 9.5 Default SSH Password
2012-09-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Messaging Gateway Default SSH Password (CVE-2012-3579)
2012-11-25 00:00:00
securityvulns
securityvulns
SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor
2012-09-02 00:00:00
Symantec Messaging Gateway backdoor
2012-09-19 00:00:00
openvas
openvas
Symantec Messaging Gateway < 10.0 Multiple Vulnerabilities
2012-09-04 00:00:00
symantec
symantec
Symantec Messaging Gateway Security Issues
2012-08-27 08:00:00
nessus
nessus
Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)
2012-09-07 00:00:00

EPSS

0.19

Percentile

96.3%

JSON
Related for SAINT:A386D62F213C8453D718F76E78CD1EA3
exploitdb1saint3nvd1prion1cvelist1metasploit1cve1packetstorm1checkpoint_advisories1securityvulns2openvas1symantec1nessus1