Symantec Brightmail AntiSpam DATABLOB-* Request Traversal Arbitrary File Write

2006-07-28T07:49:08
ID OSVDB:27590
Type osvdb
Reporter George A. Theall(theall@tenablesecurity.com)
Modified 2006-07-28T07:49:08

Description

Vulnerability Description

Symantec Brightmail AntiSpam contains a flaw that may allow a malicious user to read or overwrite files. The issue is triggered when an attacker uses specially crafted filenames in a DATABLOB-GET or DATABLOB-SAVE request. By using directory traversal style attacks (../../), it is possible that an attacker could write a file to an arbitrary location.

Technical Description

This vulnerability is only present when the Control Center is configured to allow connections from any computer.

Solution Description

Upgrade to version 6.0.4 or higher or upgrade to Symantec Mail Security for SMTP 5.0, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Symantec Brightmail AntiSpam contains a flaw that may allow a malicious user to read or overwrite files. The issue is triggered when an attacker uses specially crafted filenames in a DATABLOB-GET or DATABLOB-SAVE request. By using directory traversal style attacks (../../), it is possible that an attacker could write a file to an arbitrary location.

References:

Vendor URL: http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=642 Vendor Specific Advisory URL Secunia Advisory ID:21223 Related OSVDB ID: 27589 Keyword: SYM06-012 ISS X-Force ID: 28058 FrSIRT Advisory: ADV-2006-3018 CVE-2006-4013