Advisory Name: Denial of Service in McAfee Email Gateway (formerly IronMail)
Vulnerability Class: Denial of Service
Release Date: Tue Apr 6, 2010
Affected Applications: Secure Mail (Ironmail) ver.6.7.1
Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
Local / Remote: Local
Severity: Medium – CVSS: 4.6 (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Researcher: Nahuel Grisolía
Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:
Users inside the CLI can run some kind of “Fork Bomb” in order to saturate system resources because of an insecure ulimit value.

Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12093.pdf (cybsec_advisory_2010_0401.pdf)