Symantec Corporation Affected

Updated:  December 23, 2004

Status

Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Symantec has released a patch to correct this issue, available at: ftp://ftp.symantec.com/public/english_us_canada/products/sba/sba_60x/updates/Patch132.zip The notes for Patch 132 states: Changes included with Patch 132 10757 Component: spamhunter module Synopsis: spamhunter causes engine core dumps when trying to convert headers to UTF Platforms: all The character converters used by the Spamhunter and Language ID modules do not recognize certain valid character encoding sets, specifically ISO-8859-10, ISO-8859-13, ISO-8859-15 (nordic), and CP866 (russian). Previously, these modules assumed that a valid encoding meant the converter would recognize the character set. In the case of ISO-8859-10, when the converter did not recognize the character set, a crash would result. Patch 132 fixes this problem by allowing the parser to convert the data only if the converter recognizes the character set, and adds recognition for the character sets listed above.