Symantec Brightmail AntiSpam Multiple Vulnerabilities

AntiSpam

0 more products

1096

06 March 2020

27 July 2006

CLOSED

MEDIUM

SUMMARY

 

Multiple vulnerabilities have been reported in Symantec Brightmail AntiSpam. Confidential system information can be read or modified by combining these issues.

Risk Impact
Medium

Remote

Yes

Local

No

Authentication Required

No

Exploit publicly available

No

 

AFFECTED PRODUCTS

 

Product

Version

Build

Upgrade To

Symantec Brightmail AntiSpam (SBAS)

All

All

SMS for SMTP 5 or SBAS 6.0.4

 

ISSUES

 

Details
Symantec Brightmail AntiSpam fails to fully sanitize file names passed to the DATABLOB-GET / DATABLOB-SAVE requests of directory traversal Sequences. This directory traversal vulnerability could result in confidential system information being exposed.

During the installation of email scanners, three options are given for identifying the Brightmail AntiSpam Control Center that will control the scanner. The first option is a local Control Center; the second option is to identify the Control Center by its IP address; and the third option allows the Control Center to connect from any computer. The third option could allow an attacker to impersonate the Control Center, exposing the following vulnerabilities.

  • The Brightmail AntiSpam service can be hung by sending invalid posts, causing a Denial of Service.
  • By combining with the Directory Traversal vulnerability, some system files can be read.
  • By combining with the Directory Traversal vulnerability, it is possible to overwrite existing files on the same drive as Symantec Brightmail AntiSpam

 

MITIGATION

 

Symantec Response
Symantec advises all current SBAS customers to upgrade to Symantec Mail Security (SMS) for SMTP 5.0, which does not have this vulnerability. SMS for SMTP 5.0, Symantec's flagship gateway mail security software product, combines proven SBAS technology with significant new email security features. Information describing SMS for SMTP 5.0 is available at http://www.symantec.com/Products/enterprise?c=prodinfo&refId=845&cid=1011. All SBAS customers with current maintenance agreements are entitled to upgrade to SMS for SMTP 5.0 at no additional cost.

For customers unable to upgrade to SMS for SMTP 5.0, Symantec has created and released SBAS 6.0.4, a product update that addresses this vulnerability. SBAS 6.0.4 properly sanitizes all directory traversal input. The option to allow the SBAS Control Center to connect from any IP address has been eliminated. Customers can obtain SBAS 6.0.4 on Symantec FileConnect (https://fileconnect.symantec.com/selectlicenselang.html) using their SBAS license serial number.

ACKNOWLEDGEMENTS

 

Symantec would like to thank George A. Theall of Tenable Network Security, Inc. for reporting this issue and for providing coordination while Symantec resolved it.