search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Proofpoint Protection Server contains multiple vulnerabilities

Vulnerability Note VU#790980

Original Release Date: 2011-05-02 | Last Revised: 2011-05-02

Overview

Proofpoint Protection Server contains multiple vulnerabilities including authentication bypass, insufficient authorization checks, command injection, SQL injection, and directory traversal.

Description

Clear Skies Security's advisory states:

"Enduser Authentication Bypass
User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials.

Path Traversal Allows Access to System Files
Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface.

Proofpoint SQL Injection
A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection.

Proofpoint Command Injection
A function in the Proofpoint web interface can be manipulated into executing any command on the server.

Proofpoint Forced Browsing / Insufficient Page Authorization
Some administrative modules are accessible without authenticating with the application."

Impact

An attacker may be able to bypass authentication to the web interface, run system commands, or download arbitrary files.

Solution

Apply an Update
The following patches should be applied to the relevant versions.

    • Patch 1044 for versions 5.5.3, 5.5.4, and 5.5.5
    • Patch 1045 for versions 6.0.2
    • Patch 1046 for versions 6.1.1 and 6.2.0

Restrict Access
Appropriate firewall rules should be implemented to restrict access to only legitimate users of the system.

Vendor Information

790980
 
Affected   Unknown   Unaffected

Proofpoint

Notified:  March 02, 2011 Updated:  May 02, 2011

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Scott Miles of Clear Skies Security for reporting these vulnerabilities.

This document was written by Jared Allar.

Other Information

CVE IDs: None
Severity Metric: 22.50
Date Public: 2011-05-02
Date First Published: 2011-05-02
Date Last Updated: 2011-05-02 18:21 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.