Trend Micro Exchange ScanMail验证可绕过漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107158 漏洞类型 授权问题
发布时间 2003-01-15 更新时间 2007-10-16
CVE编号 CVE-2003-1343 CNNVD-ID CNNVD-200312-286
漏洞平台 Windows CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/22174
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-286
|漏洞详情
TrendMicroScanMailforMicrosoftExchange(SMEX)是美国趋势科技(TrendMicro)开发和维护的一套专为保护Exchange和Domino邮件服务器免遭病毒、间谍软件和垃圾邮件的威胁而设计的邮件防火墙解决方案。TrendMicroScanMail存在漏洞,远程攻击者可以利用这个漏洞绕过已经存在的验证机器,访问ScanMail管理系统。目前没有获得详细漏洞细节。
|漏洞EXP
source: http://www.securityfocus.com/bid/6619/info

A vulnerability has been reported for ScanMail for Microsoft Exchange. The vulnerability allows a remote attacker to bypass existing authentication mechanisms and obtain access to ScanMail's management system.

http://x.x.x.x:16372/smg_Smxcfg30.exe?vcc=3560121183d3
|参考资料

来源:BID
名称:6619
链接:http://www.securityfocus.com/bid/6619
来源:XF
名称:scanmail-smgsmxcfg30-password-bypass(11061)
链接:http://xforce.iss.net/xforce/xfdb/11061
来源:SECUNIA
名称:7881
链接:http://secunia.com/advisories/7881
来源:kb.trendmicro.com
链接:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352
来源:VULNWATCH
名称:20030114RE:[VulnWatch]AssortedTrendVulnsRev2.0
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html
来源:NSFOCUS
名称:4247
链接:http://www.nsfocus.net/vulndb/4247