|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Symantec Brightmail AntiSpam contains a flaw that may allow a malicious user to read or overwrite files. The issue is triggered when an attacker uses specially crafted filenames in a DATABLOB-GET or DATABLOB-SAVE request. By using directory traversal style attacks (../../), it is possible that an attacker could write a file to an arbitrary location.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Unknown
Disclosure:
OSVDB Verified
|
|
Technical |
This vulnerability is only present when the Control Center is configured to allow connections from any computer.
|
|
Solution |
Upgrade to version 6.0.4 or higher or upgrade to Symantec Mail Security for SMTP 5.0, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
Brightmail AntiSpam
 |
6.0.1 |
4.x |
5.x |
6.0.0 |
6.0.2 |
6.0.3 |
|
|
|
|
|
|
Credit |
- George A. Theall - theall
 tenablesecurity.com - TenableSecurity
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
