Wednesday, April 09, 2008 1:52 PM
cmosby
Symantec Mail Security Attachment Parsing Vulnerabilities - Advisories - Secunia
Symantec Mail Security Attachment Parsing Vulnerabilities
Secunia Advisory:
SA29342
Release Date:
2008-04-08
Last Update:
2008-04-09
Critical:
Highly critical
Impact:
System access
Where:
From remote
Solution Status:
Vendor Patch
OS:
Symantec Mail Security Appliance 5.0.x
Software:
Symantec Mail Security for Domino 7.x
Symantec Mail Security for SMTP 5.x
CVE reference:
CVE-2007-5405 (Secunia mirror)
CVE-2007-5406 (Secunia mirror)
CVE-2007-6020 (Secunia mirror)
Description:
Secunia Research has discovered some vulnerabilities in Symantec Mail Security products, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerabilities are caused due to various errors within the third-party Folio Flat File reader (foliosr.dll) and Applix Graphics reader (kpagrdr.dll) and can be exploited to cause buffer overflows when a specially crafted file is checked.
For more information:
SA28209
Successful exploitation allows execution of arbitrary code, but requires that e.g. a policy is set up for scanning the contents of messages.
The vulnerabilities are confirmed in Symantec Mail Security version 5.0.1 with Patch 187 and Symantec Mail Security for Domino 7.5.0.19. Other versions may also be affected.
Solution:
Symantec Mail Security for SMTP 5.0.0:
Update to version 5.0.1 Patch 189.
Symantec Mail Security for SMTP 5.01:
Apply Patch 189.
Symantec Mail Security for Domino:
Update to version 7.5.3.25.
Symantec Mail Security Appliance:
Update to version 5.0.0-36 or later.
Provided and/or discovered by:
Dyon Balding, Secunia Research.
Changelog:
2008-04-09: Updated advisory based on additional information from the vendor.
Original Advisory:
SYM08-010:
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.08e.html
Secunia Research:
http://secunia.com/secunia_research/2007-98/
http://secunia.com/secunia_research/2007-105/
Other References:
SA28209:
http://secunia.com/advisories/28209/