Vendor: Secure Mail (Ironmail)
By: Nahuel Grisolía
CVSS: 6.4 (MEDIUM)
Vulnerability Class: Local Privilege Escalation
CWE: 264
Product Name: Secure Mail (Ironmail)
Affected Version From: Secure Mail (Ironmail) ver.6.7.1
Affected Version To: Secure Mail (Ironmail) ver.6.7.1
Patch Exists: YES
Related CWE: N/A
CPE: a:mcafee:secure_mail:6.7.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: FreeBSD 6.2 / Apache-Coyote 1.1
2010

Local Privilege Escalation in McAfee Email Gateway (formerly IronMail)

Ironmail was found to allow any CLI user to run arbitrary commands with Admin rights, due to improper handling of environment variables.

Mitigation:

Install McAfee Email Gateway 6.7.2 Hotfix 2.

Exploit-DB raw data:

Advisory Name: Local Privilege Escalation in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Local Privilege Escalation
Release Date: Tue Apr 6, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Medium - CVSS: 6.4 (AV:L/AC:L/Au:S/C:P/I:C/A:C)
Researcher: Nahuel Grisolía

Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
Ironmail was found to allow any CLI user to run arbitrary commands with Admin rights, due to
improper handling of environment variables.

Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12090.pdf (cybsec_advisory_2010_0404.pdf)