A denial of service has been discovered in Symantec Mail Security for SMTP when parsing Executable Attachments.
Risk Impact Low
Remote Access
Yes
Local Access
No
Authentication Required
No
Exploit publicly available
No
Products
Versions
Solution
Symantec Mail Security for SMTP
5.0.0
Upgrade to 5.0.1 and apply patch 181
5.0.1
Apply Patch 181
Symantec Mail Security Appliance
5.0.x
Update to 5.0.0-36 or later
Not Affected The following products are not affected by this vulnerability.
Products
Versions
Symantec Mail Security for MSE
All
Symantec Brightmail AntiSpam
All
Symantec Mail Security for SMTP
4.1.x
Symantec Mail Security Appliance
4.1.x
Symantec Mail Security for SMTP fails to properly check for boundary errors when parsing executable attachments. This issue can lead to a Denial of Service.
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE-2007-1792 to this issue
Symantec response
Symantec has released a downloadable updates for this issue available through the Platinum Support Web Site for Platinum customers or through the FileConnect -Electronic Software Distribution web site for all licensed users.
Users of Symantec Mail Security for SMTP 5.0.0 are encouraged to upgrade to 5.0.1 and then download and apply the update.
To date, Symantec is not aware of any reported attempts to exploit this vulnerability
Symantec would like to thank Dyon Balding of Secunia for reporting this issue to Symantec, and working with us on the resolution.
Revision History
Added CVE reference
Added Symantec Mail Security 4.1.x to list of unaffected products
Legacy ID:
SYM07-014
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)