Initial Publication Date: 31 May 2005
Advisory Status: Closed
Advisory Severity: High
Legacy ID:
In product versions prior to Symantec Brightmail AntiSpam 6.0, the database is used to store quarantined spam for review. With the release of Symantec Brightmail AntiSpam version 6.0, some configuration information is now also stored in the database. The 6.0 release added security by restricting access to the admin account to localhost. However, Symantec engineers have found that the restriction to localhost failed when upgrading from a prior version to Symantec Brightmail AntiSpam 6.0. It was only effective if a clean install of Symantec Brightmail AntiSpam 6.0 was done. Prior versions of Symantec Brightmail AntiSpam that were upgraded to 6.0 without doing a clean install remained remotely accessible.
All Symantec Brightmail AntiSpam versions prior to 6.0, and those upgraded to 6.0, allow remote access to the database administrator account. Database administrator access is limited to localhost for fresh installations of version 6.0.
Remote Database Access
Configuration Data Access
Brightmail AntiSpam upgraded to 6.0 or 6.0.1 from an earlier release
Brightmail AntiSpam 6.0 Fresh Install
From localhost only (localhost only)
Brightmail AntiSpam 5.5 with Web Quarantine 1.0*
Note: Only Symantec products indicated above are potentially vulnerable. All other Symantec products are NOT affected.
A static database administration password has been identified in Symantec’s Brightmail AntiSpam product. This password could potentially allow remote administrative access to the database.
Symantec has released a product update, 6.0.2, which properly addresses this issue. The Symantec Brightmail AntiSpam 6.0.2 update includes the following:
1) The database root administrator account has been removed.
2) The installer for the brightmailuser account generates a random password.
3) The database account is restricted to localhost on all previously upgraded versions of the product.
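A post-update check for two of the changes listed above (items 1 and 3), as an added example that is not part of Symantec's advisory: it audits an exported account listing for a remaining root account and for accounts allowed from hosts other than localhost. The tab-separated user/host export, the '%' wildcard and the account name root are assumptions, since the advisory does not name the database engine; the sample listings are constructed.

```python
import ipaddress

# Constructed sample listings (not from the advisory): one "user<TAB>host" per line.
UPGRADED = "root\t%\nroot\tlocalhost\nbrightmailuser\t%\n"
PATCHED = "# after 6.0.2\nbrightmailuser\tlocalhost\n"

LOCAL_NAMES = {"localhost"}


def is_local_only(host):
    """True only for localhost or a loopback address; wildcards count as remote."""
    host = host.strip().lower()
    if host in LOCAL_NAMES:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames and patterns such as '%' or '10.%'


def parse_listing(text):
    """Yield (user, host) pairs, skipping blank lines and '#' comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, _, host = line.partition("\t")
        yield user.strip(), host.strip()


def audit(text):
    """Return sorted (user, host, finding) tuples; empty means the expected state."""
    findings = []
    for user, host in parse_listing(text):
        if user == "root":  # assumed name of the root administrator account
            findings.append((user, host, "root-account-present"))
        if not is_local_only(host):
            findings.append((user, host, "remote-access-allowed"))
    return sorted(findings)


if __name__ == "__main__":
    for name, listing in (("upgraded", UPGRADED), ("patched", PATCHED)):
        print(name, audit(listing) or "OK")
```

The randomly generated brightmailuser password (item 2) cannot be verified from an account listing and is outside this check.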
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.