Home > Cyber News > Beware of CVE-2017-6326, RCE Bug in Symantec Messaging Gateway

Beware of CVE-2017-6326, RCE Bug in Symantec Messaging Gateway

Symantec just fixed three flaws (CVE-2017-6326, CVE-2017-6324, CVE-2017-6325) in the Symantec Messaging Gateway (SMG). The vulnerabilities were of the remote code execution, privilege escalation and file inclusion types. A security advisory addressing the vulnerabilities has been issued.

Related Story: Symantec Products Guilty of Charge of Multiple Severe Flaws

The flaws were disclosed by researchers Adam Witt and Mehmet Dursun Ince.

More about CVE-2017-6326

This bug is quite severe, and even though no specific details are available yet, Symantec informs that the vulnerability could be leveraged in remote code execution attacks in the MSG console.

More about CVE-2017-6324

This flaw is also a serious one and could lead to privilege escalation. It could be exploited when SMG processes a malicious email attachment, and later on this could allow malformed or corrupted Microsoft Word files to sneak in. If the files contain embedded malicious macros, they can dodge the disarm functionality of SMG.

More about CVE-2017-6325

This vulnerability is less dangerous, as it is file inclusion one, most likely to affect web applications on a scripting run time, Symantec explains. “This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time,” the company adds.

This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application.

Fortunately, the AV company released a patch for the SMG, version 10.6.3 with patch 10.6.3-266. Needless to say, users are highly advised apply the patches as soon as possible to avoid becoming victims of exploits.

Another recommendation regarding security is that users restrict access via the least privilege principle. This is when access to apps and systems is only given when user really needs them to limit the potential damage of an attack.

Related Story: Symantec/Norton CVE-2016-2208 Flaw Causes Remote Memory Corruption

Last year, Symantec fixed a bunch of severe bugs in their security products, as well as the terrifying CVE-2016-2208, located in the core Symantec Antivirus Engine applied in most Symantec and Norton AV products.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree