Government of the Republic of Trinidad and Tobago

TTCSIRT-033.081417: TT-CSIRT Advisory – Symantec Security Updates

TTCSIRT-033.081417: TT-CSIRT Advisory – Symantec Security Updates

Symantec has released a security update to address the following security vulnerabilities in Symantec Messaging Gateway:

a) Remote Code Execution – an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.

b) Cross Site Request Forgery – an issue of cross site request forgery also known as one-click attack and is abbreviated as CSRF or XSRF, which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user’s browser.

For further information on these vulnerabilities and how they can be mitigated can be found on the Symantec Website at