Symantec Brightmail AntiSpam: Nested Zip File, Denial of Service

2005-09-21T07:00:00
ID SMNTC-1070
Type symantec
Reporter Symantec Security Response
Modified 2020-03-06T14:26:53

Description

SUMMARY

Risk Impact
Low

Remote Access

|

Yes (incoming mail)

---|---

Local Access

|

No

Authentication Required

|

No

Exploit publicly available

|

NA

AFFECTED PRODUCTS

Product

|

Version

|

Build

|

Solution

---|---|---|---

Symantec Brightmail AntiSpam

|

6.0

|

1

|

Update

Symantec Brightmail AntiSpam

|

6.0

|

2

|

Update

Symantec Mail Security 8200 Series Appliance

|

All

|

All

|

Automatic Update available
(build 4.1.0-58)

Note: Customers with product versions prior to 6.0.1 are encouraged to upgrade to the latest product version.

ADDITIONAL PRODUCT INFORMATION

Non-Affected Products

Product

|

Version

|

Build

|

Solution

---|---|---|---

Symantec Brightmail AntiSpam

|

Win32

|

All

|

All

Symantec Brightmail AntiSpam

|

Win32

|

All

|

All

ISSUES

Details
A potential Denial of Service issue has been identified and fixed in the Symantec Brightmail AntiSpam product. When processing zip files containing a large number of nested zip files, the product appears to hang while scanning for malicious content.

MITIGATION

Symantec Response
An update for Symantec Brightmail AntiSpam Versions 6.0.1 and 6.0.2 has been released and can be downloaded from the following location:

<ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/patch157.zip>

An update for the Symantec Mail Security 8200 Series Appliance is available through its software update feature.

Symantec is not aware of any active attempts against or customers impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats