Symantec patches Messaging Gateway remote code execution bugs

The three vulnerabilities allow attackers to disarm the platform and execute code.

Symantec has patched three vulnerabilities in the Symantec Messaging Gateway (SMG) which could be exploited by attackers to remotely execute code.

On Wednesday, the cybersecurity firm issued a security advisory warning of the bugs, all of which are specific to the SMG enterprise software.

The first issue, CVE-2017-6326, is a high-impact bug. While there are no technical details currently available, Symantec says the security flaw can be exploited to perform remote code execution in the SMG console.

The second vulnerability, CVE-2017-6324, is another critical problem. When SMG processes a crafted email attachment, malformed or corrupted Microsoft Word files can be allowed to pass through.

If these files are embedded with malicious macros, they can bypass the “disarm” functionality of SMG. When exploiting this issue, attackers can perform privilege escalation.

Finally, the third bug, CVE-2017-6325, is a slightly less severe security flaw. It is a file inclusion vulnerability, a class of bug often found in web applications which rely on a scripting runtime.

The issue is caused when an application builds the path to the code it will load from input an attacker can influence, and it can be exploited by attackers to subvert how an app loads code. When exploited, hackers can remotely execute code on the web server running the vulnerable application.
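The general file inclusion pattern described above, next to a hardened form, as an added example that is not taken from Symantec's advisory or from SMG (no technical details of CVE-2017-6325 are given here). The function names, module names and sample requests are hypothetical and constructed for illustration.

```python
import os
import tempfile

class IncludeError(Exception):
    """Raised when a requested module is outside the permitted set."""

def unsafe_include_path(base_dir, page):
    # Pattern described above: request input is joined straight into the path
    # of the code to load, so the requester decides which file gets executed.
    return os.path.join(base_dir, page + ".py")

def is_inside(base_dir, path):
    # Resolve symlinks and ".." first, then compare against the base directory.
    base = os.path.realpath(base_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) == base

def safe_include_path(base_dir, page, allowed):
    # 1. Allowlist: only module names the application itself registered.
    if page not in allowed:
        raise IncludeError(f"module not allowed: {page!r}")
    # 2. Defence in depth: the resolved path must still sit under base_dir.
    target = os.path.join(base_dir, page + ".py")
    if not is_inside(base_dir, target):
        raise IncludeError(f"path escapes base directory: {target!r}")
    return os.path.realpath(target)

def demo():
    # Constructed sample requests: one legitimate name, three hostile ones.
    allowed = {"status", "reports"}
    requests = ["status", "../../tmp/upload", "/tmp/upload", "status/../../x"]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for page in requests:
            escaped = not is_inside(base, unsafe_include_path(base, page))
            try:
                safe_include_path(base, page, allowed)
                verdict = "accepted"
            except IncludeError:
                verdict = "rejected"
            results[page] = (escaped, verdict)
    return results

if __name__ == "__main__":
    for page, (escaped, verdict) in demo().items():
        print(f"{page!r}: unsafe join escapes base={escaped}, hardened={verdict}")
```

The allowlist alone stops all three hostile requests; the resolved-path check is a second layer that still holds if an allowlisted name ever points outside the module directory.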

A patch has been released for Symantec Messaging Gateway, version 10.6.3 with patch 10.6.3-266, to fix these bugs. It is, as always, recommended that users update their systems as soon as possible to keep themselves safe from exploitation.

The security firm also recommends that users restrict access through the principle of least privilege, in which access to sensitive applications and systems is only granted when a user truly needs it. This limits the amount of potential damage an attacker could do in the case of compromise.

Symantec thanked security researchers Adam Witt and Mehmet Dursun Ince for discovering the issues and submitting their findings.

Back in January, Symantec was forced to revoke a set of insecure security certificates after they were issued to the public realm by mistake. The test certificates, sent out by a partner firm by accident, could have been used to back up malicious software and websites.