Symantec Brightmail AntiSpam: Malformed MIME, Denial of Service
SUMMARY
Risk Impact
Low
|
Remote Access |
Yes (incoming mail) |
|
Local Access |
No |
|
Authentication Required |
No |
|
Exploit publicly available |
NA |
AFFECTED PRODUCTS
|
Product |
Version |
Build |
Solution |
|
Symantec Brightmail AntiSpam |
6.0 |
1 |
|
|
Symantec Brightmail AntiSpam |
6.0 |
2 |
Note: Customers with product versions prior to 6.0.1 are encouraged to upgrade to the latest product version.
ISSUES
Details
A potential denial of service issue has been identified and fixed in the Symantec Brightmail AntiSpam product. When processing malformed MIME content, the bmserver component may terminate causing a denial of service.
MITIGATION
Symantec Response
An update for Symantec Brightmail AntiSpam Versions 6.0.1 has been released and can be downloaded from the following location:
ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/patch162.zip
An update for Symantec Brightmail AntiSpam Versions 6.0.2 has been released and can be downloaded from the following location:
ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/patch161.zip
Symantec is not aware of any active attempts against or customers impacted by this issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats