Symantec has released patches to address security vulnerabilities in its BrightMail AntiSpam product.
In a security alert, the application developer stated that these vulnerabilities could be exploited to steal data, launch denial-of-service attacks, or disclose sensitive user information.
However, the security company Secunia has rated the vulnerabilities in Symantec BrightMail AntiSpam as medium risk.
The application developer noted that the first vulnerability in BrightMail AntiSpam is a directory traversal flaw: the application does not completely sanitize the file names supplied in DATABLOB-GET / DATABLOB-SAVE requests.
“The vulnerability in the transfer directory chain could lead to the exposure of sensitive system information,” Symantec stated.
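The sanitization failure described above can be illustrated with an added example, which is not Symantec's code and is not taken from the advisory. It contrasts a single-pass filter that strips `../` with a check that canonicalizes the path and confirms it stays inside the storage directory. The function names, the blob directory and the sample file names are all assumptions constructed for illustration.

```python
import os
import tempfile

def naive_sanitize(name: str) -> str:
    """Incomplete filter (the failure mode): strips '../' in a single pass."""
    return name.replace("../", "")

def resolve_blob(base_dir: str, name: str) -> str:
    """Return the absolute path for `name` inside base_dir, or raise ValueError."""
    if not name or "\x00" in name:
        raise ValueError("empty name or NUL byte")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks before the check;
    # an absolute `name` replaces `base` in join() and is caught below.
    candidate = os.path.realpath(os.path.join(base, name))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"name escapes blob directory: {name!r}")
    return candidate

def check_names(base_dir, names):
    """Map each file name to 'ok' or 'rejected' under resolve_blob()."""
    results = {}
    for n in names:
        try:
            resolve_blob(base_dir, n)
            results[n] = "ok"
        except ValueError:
            results[n] = "rejected"
    return results

# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["rules/update.dat", "../etc/passwd", "/etc/passwd", "a/../../b"]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, verdict in check_names(d, SAMPLES).items():
            print(f"{verdict:9} {name!r}")
        # The single-pass filter turns a harmless-looking name into a traversal.
        filtered = naive_sanitize("....//etc/passwd")
        print("naive filter output:", filtered, check_names(d, [filtered]))
```

Filtering substrings leaves the decision to string matching, while the canonicalize-then-compare check decides on the path the operating system would actually open.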
Meanwhile, the second vulnerability affects the BrightMail AntiSpam Control Center, the application that scans various types of emails.
If, during installation of the email scanning application, users choose to allow the Control Center to connect to any computer, this security flaw could allow remote hackers to take control of the Control Center.
Symantec indicated that hackers could send inaccurate information to the anti-spam application service to cause a denial of service.
The developer mentioned that combining the two aforementioned vulnerabilities could result in system files being overwritten.
All Symantec BrightMail AntiSpam products from version 4.x to 6.x are affected by these security vulnerabilities. Symantec recommends that users upgrade to version 6.0.4 or Symantec Mail Security For SMTP 5.0 as soon as possible.
Hoàng Dũng