McAfee Email Gateway (formerly IronMail) - Local Privilege Escalation

Author: Nahuel Grisolia
type: local
platform: freebsd
port: 
date_added: 2010-04-05 
date_updated:  
verified: 0 
codes:  
tags: 
aliases: cybsec_advisory_2010_0404.pdf 
screenshot_url:  
application_url: 

Advisory Name: Local Privilege Escalation in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Local Privilege Escalation
Release Date: Tue Apr 6, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Medium - CVSS: 6.4 (AV:L/AC:L/Au:S/C:P/I:C/A:C)
Researcher: Nahuel Grisolía

Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
Ironmail was found to allow any CLI user to run arbitrary commands with Admin rights, due to
improper handling of environment variables.

Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12090.pdf (cybsec_advisory_2010_0404.pdf)