Symantec Brightmail AntiSpam: Malformed MIME, Denial of Service

AntiSpam

0 more products

1073

06 March 2020

12 October 2005

CLOSED

LOW

SUMMARY

 

Risk Impact
Low

Remote Access

Yes (incoming mail)

Local Access

No

Authentication Required

No

Exploit publicly available

NA

 

AFFECTED PRODUCTS

 

Product

Version

Build

Solution

Symantec Brightmail AntiSpam

6.0

1

Update patch 162

Symantec Brightmail AntiSpam

6.0

2

Update patch 161


Note: Customers with product versions prior to 6.0.1 are encouraged to upgrade to the latest product version.

ISSUES

 

Details
A potential denial of service issue has been identified and fixed in the Symantec Brightmail AntiSpam product. When processing malformed MIME content, the bmserver component may terminate causing a denial of service.

MITIGATION

 

Symantec Response
An update for Symantec Brightmail AntiSpam Versions 6.0.1 has been released and can be downloaded from the following location:
ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/patch162.zip

An update for Symantec Brightmail AntiSpam Versions 6.0.2 has been released and can be downloaded from the following location:
ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/patch161.zip

Symantec is not aware of any active attempts against or customers impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats