### Key Information - **Vulnerability Name:** Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution - **Vulnerability ID (EDB-ID):** 42519 - **CVE Number:** CVE-2017-6327 - **Discloser:** PHILIP PETTERSSON - **Vulnerability Type:** WEBAPPS - **Platform:** JSP - **Disclosure Date:** 2017-08-18 - **Affected Application:** Symantec Messaging Gateway ### Vulnerability Details - **Bug #1:** Web authentication bypass - Exploits the `LoginAction.notificationLogin` method to bypass authentication. - Example request includes `method=notificationLogin¬ify` parameter, leveraging static password encryption of the `notify` parameter. - **Bug #2:** Command injection - Exploits command injection vulnerability in the `RestoreAction.performRestore` method. - Provided parameters are executed as commands in the local `db-restore` script. - **Combining Bug #1 and #2:** - Creates a valid session and compromises the restore functionality to execute commands on the target server. - **Impact:** Unauthenticated remote attackers can execute arbitrary commands with root privileges. ### Reference Links - [Symantec Security Advisory](https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170810_00)