Overview
Symantec Mail Security for SMTP contains a vulnerability that may allow an attacker to execute arbitrary code, or create a denial of service condition.
Description
Symantec Mail Security for SMTP is an antispam, antivirus, and content filtering software package that scans email. Symantec Mail Security for SMTP contains a vulnerability that occurs when processing mail messages with malformed headers. An attacker may be able to exploit this vulnerability by sending a specially crafted email message through a vulnerable system. |
Impact
A remote, unauthenticated attacker to execute arbitrary code, or create a denial of service condition. |
Solution
Upgrade |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- |
| Temporal | 0 | E:ND/RL:ND/RC:ND |
| Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
References
- http://www.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=845_1
- ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0_smtp/updates/
- ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0_smtp/updates/release_notes_p175.txt
- http://secunia.com/advisories/24371/
Acknowledgements
Thanks to Steve Arvanitis for reporting this vulnerability.
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | None |
| Severity Metric: | 2.10 |
| Date Public: | 2007-02-09 |
| Date First Published: | 2007-03-01 |
| Date Last Updated: | 2007-03-02 19:23 UTC |
| Document Revision: | 16 |