Search This Blog

Thursday, June 28, 2007

[NT] Symantec Mail Security for SMTP Boundary Errors

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


- - - - - - - - -

Symantec Mail Security for SMTP Boundary Errors
------------------------------------------------------------------------


SUMMARY


<http://www.symantec.com/smb/products/overview.jsp?pcid=mes_sec&pvid=smsmtp50> Symantec Mail Security for SMTP defends "your business from email-borne threats that can overload your email infrastructure, reduce employee productivity, and jeopardize confidential information". Secunia Research has discovered boundary errors in the detection of executable packers in libdayzero.dll as loaded by the Filter Hub (filter-hub.exe) of Symantec Mail Security for SMTP. The errors can be exploited to cause unhandled memory access violations causing the filter hub service to crash.

DETAILS

Vulnerable Systems:
* Symantec Mail Security for SMTP version 5.0 patch 176

Immune Systems:
* Symantec Mail Security for SMTP version 5.0 patch 181
* Symantec Mail Security for SMTP version 5.0.0-36

A crash will cause the Filter Hub service to restart and attempt to
reprocess the malicious email causing the mail queue to backup.

The functions that detect the "PE-Shield v0.2" and "ASPack v1.00-1.08.02"
both use a value from the executable as an offset into a buffer with
insufficient validation.

Solution:
Apply fixes
Symantec Mail Security for SMTP: Update to version 5.0.1 and apply patch
181.

Symantec Mail Security Appliance: Update to version 5.0.0-36 or later.

Time Table:
23/03/2007 - Vulnerability discovered.
10/04/2007 - Vendor notified.
11/04/2007 - Vendor response.
27/06/2007 - Public disclosure.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1792>
CVE-2007-1792


ADDITIONAL INFORMATION

The information has been provided by Dyon Balding, Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2007-48/>

http://secunia.com/secunia_research/2007-48/

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

No comments: