Symantec Mail Security for SMTP Executable Attachment Parsing Denial of Service

SYMSA1124
Last Updated June 26, 2007
Initial Publication Date June 26, 2007
Copy Article Title/URL
Feedback
Subscribe
  • Status: Closed
  • Severity: Low
  • CVSS Base Score:

A denial of service has been discovered in Symantec Mail Security for SMTP when parsing Executable Attachments.

Risk Impact
Low

Remote Access

Yes

Local Access

No

Authentication Required

No

Exploit publicly available

No

 

Products

Versions

Solution

Symantec Mail Security for SMTP

5.0.0

Upgrade to 5.0.1 and apply patch 181

5.0.1

Apply Patch 181

Symantec Mail Security Appliance

5.0.x

Update to 5.0.0-36 or later

 

Not Affected
The following products are not affected by this vulnerability.

Products

Versions

Symantec Mail Security for MSE

All

Symantec Brightmail AntiSpam

All

Symantec Mail Security for SMTP

4.1.x

Symantec Mail Security Appliance

4.1.x

 

Symantec Mail Security for SMTP fails to properly check for boundary errors when parsing executable attachments. This issue can lead to a Denial of Service.

This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE-2007-1792 to this issue

Symantec response
Symantec has released a downloadable updates for this issue available through the Platinum Support Web Site for Platinum customers or through the FileConnect -Electronic Software Distribution web site for all licensed users.

Users of Symantec Mail Security for SMTP 5.0.0 are encouraged to upgrade to 5.0.1 and then download and apply the update.

To date, Symantec is not aware of any reported attempts to exploit this vulnerability

Symantec would like to thank Dyon Balding of Secunia for reporting this issue to Symantec, and working with us on the resolution.

Revision History
Added CVE reference
Added Symantec Mail Security 4.1.x to list of unaffected products

Legacy ID: SYM07-014

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.