CVSS2
Attack Vector: ADJACENT_NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:A/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile: 96.3%
Added: 10/02/2012
CVE: CVE-2012-3579
BID: 55143
OSVDB: 85028
Symantec Messaging Gateway is an email virus protection appliance that also provides antispam protection.
Symantec Messaging Gateway versions before 10.0 have a default password for the “support” account, which can be used to log in remotely to the SSH service and then gain privileged access.
Upgrade to Symantec Messaging Gateway 10.0 or higher.
[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00>)
Exploit works against Symantec Messaging Gateway 9.5.3-3 on platform CentOS Project CentOS 5.0 with Exec-Shield Enabled.
The OpenSSH client must be installed on the SAINTexploit host.
Linux