Symantec Brightmail AntiSpam: Nested Zip File, Denial of Service
SUMMARY
Risk Impact
Low
Remote Access |
Yes (incoming mail) |
Local Access |
No |
Authentication Required |
No |
Exploit publicly available |
NA |
AFFECTED PRODUCTS
Product |
Version |
Build |
Solution |
Symantec Brightmail AntiSpam |
6.0 |
1 |
|
Symantec Brightmail AntiSpam |
6.0 |
2 |
|
Symantec Mail Security 8200 Series Appliance |
All |
All |
Automatic Update available |
Note: Customers with product versions prior to 6.0.1 are encouraged to upgrade to the latest product version.
ADDITIONAL PRODUCT INFORMATION
Non-Affected Products
Product |
Version |
Build |
Solution |
Symantec Brightmail AntiSpam |
Win32 |
All |
All |
Symantec Brightmail AntiSpam |
Win32 |
All |
All |
ISSUES
Details
A potential Denial of Service issue has been identified and fixed in the Symantec Brightmail AntiSpam product. When processing zip files containing a large number of nested zip files, the product appears to hang while scanning for malicious content.
MITIGATION
Symantec Response
An update for Symantec Brightmail AntiSpam Versions 6.0.1 and 6.0.2 has been released and can be downloaded from the following location:
ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/patch157.zip
An update for the Symantec Mail Security 8200 Series Appliance is available through its software update feature.
Symantec is not aware of any active attempts against or customers impacted by this issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats