Symantec Security Response | SMNTC-1124
Jun 26, 2007 - 8:00 a.m.

Symantec Mail Security for SMTP Executable Attachment Parsing Denial of Service


EPSS: 0.008 (Percentile: 81.7%)

SUMMARY

A denial of service has been discovered in Symantec Mail Security for SMTP when parsing Executable Attachments.

Risk Impact: Low

Remote Access | Yes
---|---
Local Access | No
Authentication Required | No
Exploit publicly available | No

AFFECTED PRODUCTS

Products | Versions | Solution
---|---|---
Symantec Mail Security for SMTP | 5.0.0 | Upgrade to 5.0.1 and apply patch 181
Symantec Mail Security for SMTP | 5.0.1 | Apply Patch 181
Symantec Mail Security Appliance | 5.0.x | Update to 5.0.0-36 or later

ADDITIONAL PRODUCT INFORMATION

Not Affected
The following products are not affected by this vulnerability.

Products | Versions
---|---
Symantec Mail Security for MSE | All
Symantec Brightmail AntiSpam | All
Symantec Mail Security for SMTP | 4.1.x
Symantec Mail Security Appliance | 4.1.x

ISSUES

Symantec Mail Security for SMTP fails to properly check for boundary errors when parsing executable attachments. This issue can lead to a Denial of Service.

This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (<http://cve.mitre.org>), which standardizes names for security problems. The CVE initiative has assigned CVE-2007-1792 to this issue.

MITIGATION

Symantec response
Symantec has released downloadable updates for this issue, available through the Platinum Support Web Site for Platinum customers or through the FileConnect - Electronic Software Distribution web site for all licensed users.

Users of Symantec Mail Security for SMTP 5.0.0 are encouraged to upgrade to 5.0.1 and then download and apply the update.

To date, Symantec is not aware of any reported attempts to exploit this vulnerability.

ACKNOWLEDGEMENTS

Symantec would like to thank Dyon Balding of Secunia for reporting this issue to Symantec, and working with us on the resolution.

REVISION

Revision History
Added CVE reference
Added Symantec Mail Security 4.1.x to list of unaffected products
