TTCSIRT-033.081417: TT-CSIRT Advisory – Symantec Security Updates

Symantec has released a security update to address the following security vulnerabilities in Symantec Messaging Gateway:

a) Remote Code Execution – an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.

b) Cross Site Request Forgery – also known as a one-click attack and abbreviated as CSRF or XSRF, this is a type of malicious exploit of a website in which unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user’s browser.

Further information on these vulnerabilities and how they can be mitigated can be found on the Symantec Website at