Software Engineering Institute

Clear Skies Security's advisory states:

"Enduser Authentication Bypass
User-level access to the Proofpoint mail filter web interface can be obtained as any available user without providing the user’s login credentials.

Path Traversal Allows Access to System Files
Arbitrary files on the Proofpoint appliance can be obtained by manipulating a flaw in the web interface.

Proofpoint SQL Injection
A publicly accessible function in the Proofpoint interface is vulnerable to SQL Injection.

Proofpoint Command Injection
A function in the Proofpoint web interface can be manipulated into executing any command on the server.

Proofpoint Forced Browsing / Insufficient Page Authorization
Some administrative modules are accessible without authenticating with the application."

An attacker may be able to bypass authentication to the web interface, run system commands, or download arbitrary files.

Apply an Update
The following patches should be applied to the relevant versions.

• Patch 1044 for versions 5.5.3, 5.5.4, and 5.5.5
• Patch 1045 for versions 6.0.2
• Patch 1046 for versions 6.1.1 and 6.2.0

Restrict Access
Appropriate firewall rules should be implemented to restrict access to only legitimate users of the system.