McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure

EDB-ID:

12091

CVE:

N/A


Platform:

FreeBSD

Published:

2010-04-06

Advisory Name: Internal Information Disclosure in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Information Disclosure
Release Date: Tue Apr 6, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Low – CVSS: 1.7 (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Researcher: Nahuel Grisolía

Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
Some files that allow to obtain usernames and other internal information can be read by any user inside
the CLI.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/12091.pdf (cybsec_advisory_2010_0403.pdf)