Description: Some vulnerabilities have been reported in Symantec Mail Security for SMTP, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
1) Insufficient validation of mail headers can be exploited to cause the server to exhaust available threads and stop handling other connections when processing specially crafted messages.
2) A boundary error when processing attachments can be exploited to crash the filter-hub.exe process via a specially crafted executable attachment.
Other vulnerabilities when handling certain specific messages may also exist that can be exploited to cause a crash and potentially allow execution of arbitrary code.
The vulnerabilities are reported in version 5.0 for Windows. Other versions may also be affected.
Solution: Apply Patch 175.
Provided and/or discovered by: Steve Arvanitis
Changelog: 2007-03-06: Added CVE reference.
2007-03-27: Added additional information from Secunia Research.
Extended Solution: The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
