Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
27 Jul 2006 Closed Medium
Multiple vulnerabilities have been reported in Symantec Brightmail AntiSpam. Confidential system information can be read or modified by combining these issues.
Risk Impact Medium
Exploit publicly available
Symantec Brightmail AntiSpam (SBAS)
SMS for SMTP 5 or SBAS 6.0.4
Symantec Brightmail AntiSpam fails to fully sanitize file names passed to the DATABLOB-GET / DATABLOB-SAVE requests of directory traversal Sequences. This directory traversal vulnerability could result in confidential system information being exposed.
During the installation of email scanners, three options are given for identifying the Brightmail AntiSpam Control Center that will control the scanner. The first option is a local Control Center; the second option is to identify the Control Center by its IP address; and the third option allows the Control Center to connect from any computer. The third option could allow an attacker to impersonate the Control Center, exposing the following vulnerabilities.
The Brightmail AntiSpam service can be hung by sending invalid posts, causing a Denial of Service.
By combining with the Directory Traversal vulnerability, some system files can be read.
By combining with the Directory Traversal vulnerability, it is possible to overwrite existing files on the same drive as Symantec Brightmail AntiSpam
Symantec advises all current SBAS customers to upgrade to Symantec Mail Security (SMS) for SMTP 5.0, which does not have this vulnerability. SMS for SMTP 5.0, Symantec's flagship gateway mail security software product, combines proven SBAS technology with significant new email security features. Information describing SMS for SMTP 5.0 is available at http://www.symantec.com/Products/enterprise?c=prodinfo&refId=845&cid=1011. All SBAS customers with current maintenance agreements are entitled to upgrade to SMS for SMTP 5.0 at no additional cost.
For customers unable to upgrade to SMS for SMTP 5.0, Symantec has created and released SBAS 6.0.4, a product update that addresses this vulnerability. SBAS 6.0.4 properly sanitizes all directory traversal input. The option to allow the SBAS Control Center to connect from any IP address has been eliminated. Customers can obtain SBAS 6.0.4 on Symantec FileConnect (https://fileconnect.symantec.com/selectlicenselang.html) using their SBAS license serial number.
Symantec would like to thank George A. Theall of Tenable Network Security, Inc. for reporting this issue and for providing coordination while Symantec resolved it.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.