Symantec Plugs DoS Flaws in Brightmail | eWeek

Symantec Plugs DoS Flaws in Brightmail

Écrit par
Ryan Naraine
Ryan Naraine
Sep 8, 2005
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Internet security software vendor Symantec Corp. has shipped a patch for a pair of security flaws affecting users of its enterprise-facing Brightmail AntiSpam product.

According to a security advisory from Symantec, the vulnerabilities can be exploited by malicious hackers to launch denial-of-service attacks.

The company warned users of the Symantec Brightmail AntiSpam 6.x to upgrade immediately to protect against remote attacks.

Security alerts aggregator Secunia Inc. rates the flaws as “moderately critical” and recommended that users apply Symantecs Patch 157 (Zip file).

/zimages/2/28571.gifRead morehereabout Symantecs acquisition of Brightmail.

The first bug is described as an error in the anti-virus program when scanning or cleaning certain messages. The error occurs, for example, when scanning messages containing deeply nested zip files and may be exploited to cause Brightmail to process the messages for an extended period of time.

A second error in the decomposer occurs when processing messages containing winmail.dat objects embedded in a MIME file. A malicious attacker may exploit this flaw to crash the decomposer, Symantec acknowledged.

It is the second time this year that Symantec has rushed out security fixes for holes in the Brightmail program. Back in June, the company shipped a Brightmail upgrade to fix an error in the static database administration password, which could be exploited to gain administrative access to the database containing quarantined messages for review.

Symantec acquired Brightmail for approximately $370 million in cash last May with long-term plans to integrate the anti-spam software into its own family of gateway appliances.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.