Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:C23B83741EBACB4021AE8BF15D522878
HistoryOct 02, 2012 - 12:00 a.m.

Symantec Messaging Gateway Default SSH Password

2012-10-0200:00:00
SAINT Corporation
download.saintcorporation.com
25

EPSS

0.19

Percentile

96.3%

JSON

Added: 10/02/2012
CVE: CVE-2012-3579
BID: 55143
OSVDB: 85028

Background

Symantec Messaging Gateway is an email virus protection appliance that also provides antispam protection.

Problem

Symantec Messaging Gateway versions before 10.0 have a default password for the “support” account, which can be used to login remotely to the SSH service, and then gain privileged access.

Resolution

Upgrade to Symantec Messaging Gateway 10.0 or higher.

References

[http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&amp;pvid=security_advisory&amp;year=2012&amp;suid=20120827_00 ](<http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
>)

Limitations

Exploit works against Symantec Messaging Gateway 9.5.3-3 on platform CentOS Project CentOS 5.0 with Exec-Shield Enabled.

The OpenSSH client must be installed on the SAINTexploit host.

Platforms

Linux

Related

saint 3
exploitdb 1
nvd 1
prion 1
cvelist 1
metasploit 1
cve 1
packetstorm 1
checkpoint_advisories 1
securityvulns 2
openvas 1
symantec 1
nessus 1
saint
saint
Symantec Messaging Gateway Default SSH Password
2012-10-02 00:00:00
Symantec Messaging Gateway Default SSH Password
2012-10-02 00:00:00
Symantec Messaging Gateway Default SSH Password
2012-10-02 00:00:00
exploitdb
exploitdb
Symantec Messaging Gateway 9.5/9.5.1 - SSH Default Password Security Bypass (Metasploit)
2012-08-30 00:00:00
nvd
nvd
CVE-2012-3579
2012-08-29 10:56:40
prion
prion
Default credentials
2012-08-29 10:56:00
cvelist
cvelist
CVE-2012-3579
2012-08-29 10:00:00
metasploit
metasploit
Symantec Messaging Gateway 9.5 Default SSH Password Vulnerability
2012-09-05 18:21:10
cve
cve
CVE-2012-3579
2012-08-29 10:56:40
packetstorm
packetstorm
Symantec Messaging Gateway 9.5 Default SSH Password
2012-09-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Messaging Gateway Default SSH Password (CVE-2012-3579)
2012-11-25 00:00:00
securityvulns
securityvulns
SEC Consult SA-20120829-0 :: Symantec Messaging Gateway - Support Backdoor
2012-09-02 00:00:00
Symantec Messaging Gateway backdoor
2012-09-19 00:00:00
openvas
openvas
Symantec Messaging Gateway < 10.0 Multiple Vulnerabilities
2012-09-04 00:00:00
symantec
symantec
Symantec Messaging Gateway Security Issues
2012-08-27 08:00:00
nessus
nessus
Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)
2012-09-07 00:00:00

EPSS

0.19

Percentile

96.3%

JSON
Related for SAINT:C23B83741EBACB4021AE8BF15D522878
saint3exploitdb1nvd1prion1cvelist1metasploit1cve1packetstorm1checkpoint_advisories1securityvulns2openvas1symantec1nessus1