he jij,
BE op de hoogte!

35,000 ransomware infecties per maand en je nog steeds geloven dat je beschermd?

Meld je aan en ontvang:

  • alerts
  • nieuws
  • gratis how-to-gidsen te verwijderen

van de nieuwste online bedreigingen - direct in je inbox:


Dell SonicWALL Email Security Platform Gebreken Kan Oorzaak Sensitive Information Disclosure

kwetsbaarheid-stforum

Four previously unknown vulnerabilities were found in the Dell SonicWALL Email Security virtual appliance app by researchers at Digital Defense Inc. The researchers detected the flaws while developing new audit modules for its patented vulnerability scanning technology. The flaws should be addressed immediately because of the easily accessible web interface on internet or intranet-connected application for the app. Bovendien, there’s a potential for unauthorized individuals to access sensitive information.

The Dell SonicWALL Email Security platform can be configured as a Mail Transfer Agent (MTA) or SMTP proxy and with spam protection, compliance scanning, anti-malware and anti-virus capabilities.

What’s the Impact of the Flaws in Dell SonicWALL Email Security platform?

If these vulnerabilities end up being exploited in the wild, worst case scenario is sensitive data disclosure of admin account password hash, arbitrary OS command execution and file deletion as ROOT. tenslotte, the scenario would end with complete compromise of the appliance.

Verwant: Dell technische ondersteuning Oplichting Point bij een Major Customer Data Breach

Gelukkig, Dell has already addressed the vulnerabilities in a rollup patch 8.3.2 for the SonicWALL Email Security platform. The patch has been available to customers since October 3, 2016.

Here is a short resume of all four vulnerabilities:

  • Authentication Bypass in DLoadReportsServlet
  • Impact: Sensitive information disclosure including config files and the SHA1 password hash for the admin account.

  • Authenticated XML External Entity Injection in known_network_data_import.html
  • Impact: Information disclosure.

  • Authenticated Remote Command Execution in manage_ftpprofile.html
  • Impact: Arbitrary OS command execution as root, full compromise of the virtual appliance.

  • Authenticated Arbitrary File Deletion in policy_dictionary.html
  • Impact: Deletion of arbitrary files with root privileges, denial of service.

    Milena Dimitrova

    Een geïnspireerde schrijver, gericht op de privacy van gebruikers en kwaadaardige software. Geniet 'Mr. Robot 'en angsten' 1984 '.

    Meer berichten - Website

Delen op Facebook Aandeel
Loading ...
Delen op Twitter Gekwetter
Loading ...
Delen op Google Plus Aandeel
Loading ...
Delen op Linkedin Aandeel
Loading ...
Delen op Digg Aandeel
Deel op Reddit Aandeel
Loading ...
Delen op StumbleUpon Aandeel
Loading ...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.