CVE-2010-0153

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-0153 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Marian Ventuneac.
The original article can be found at: http://seclists.org/bugtraq/2010/Sep/86

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-0153

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)
* IBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)

Immune Systems:
* IBM Proventia Network Mail Security System firmware 2.5.0.2 or later.

The Web-based Local Management Interface (LMI) of IBM Proventia Network Mail Security System appliance (firmware 1.6 and 2.5) is vulnerable to XSRF attacks. When exploited by an attacker, the identified vulnerabilities could lead to compromising the security of the appliance, including unauthorized alteration of appliance's settings, DoS attacks, etc.

CVE Information:
CVE-2010-0153

Disclosure Timeline:
2009, November 08: Notification sent to IBM
2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues
2010, September 12: MVSA-10-006 advisory published.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus