Symantec Client Security Buffer Overflow in Realtime E-mail Scanning Lets Local Users Deny Service

SecurityTracker Alert ID: 1018371
SecurityTracker URL: http://securitytracker.com/id/1018371
CVE Reference: CVE-2007-3771
Updated: May 6 2008
Original Entry Date: Jul 11 2007
Impact: Denial of service via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 9.x, 10.0

Description:
A vulnerability was reported in Symantec AntiVirus Corporate Edition. A local user can cause denial of service conditions.
A local user can send a specially crafted e-mail to trigger a buffer overflow in the Internet E-mail Auto-Protect feature and cause the Internet E-mail real-time protection service to crash. The system will not scan subsequent outbound SMTP email messages.
An outbound email with more than 951 characters in the To:, From: or Subject: fields can trigger the overflow.
Symantec credits Jordi Corrales with reporting this vulnerability.
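
As an added example (not part of the SecurityTracker entry or the Symantec advisory), the following Python check flags outbound messages whose To:, From: or Subject: field exceeds the 951-character threshold described above, for use on a mail gateway or in log review while unpatched clients remain. It assumes the count applies to the field value after folded continuation lines are joined; the function names and sample messages are constructed for illustration.

```python
import re

# Threshold from the advisory: more than 951 characters in To:, From: or Subject:.
MAX_FIELD_CHARS = 951
WATCHED_FIELDS = ("to", "from", "subject")


def unfold_headers(raw_message: bytes):
    """Yield (name, value) per header, joining RFC 5322 folded lines."""
    # The header block ends at the first empty line; accept CRLF or bare LF.
    head = re.split(rb"\r?\n\r?\n", raw_message, maxsplit=1)[0]
    current = None
    for line in re.split(rb"\r?\n", head):
        if line[:1] in (b" ", b"\t") and current is not None:
            current[1] += line  # continuation of the previous field
        elif b":" in line:
            if current is not None:
                yield current[0], current[1]
            name, _, value = line.partition(b":")
            current = [name.strip().lower().decode("ascii", "replace"),
                       value.lstrip()]
    if current is not None:
        yield current[0], current[1]


def oversized_fields(raw_message: bytes, limit: int = MAX_FIELD_CHARS):
    """Return [(field, length)] for watched fields longer than limit."""
    # Assumption: length is measured on the unfolded value, so a long field
    # split across many short physical lines is still reported.
    return [(name, len(value))
            for name, value in unfold_headers(raw_message)
            if name in WATCHED_FIELDS and len(value) > limit]


# Constructed sample messages (not taken from the advisory).
NORMAL = b"From: a@example.com\r\nTo: b@example.com\r\nSubject: hi\r\n\r\nbody\r\n"
LONG_SUBJECT = (b"From: a@example.com\r\nTo: b@example.com\r\nSubject: "
                + b"A" * 952 + b"\r\n\r\nbody\r\n")
# 60 recipients folded one per line: each physical line is short, the field is not.
FOLDED_TO = (b"From: a@example.com\r\nTo: "
             + b",\r\n ".join([b"user@example.com"] * 60)
             + b"\r\nSubject: hi\r\n\r\nbody\r\n")

if __name__ == "__main__":
    for label, msg in (("normal", NORMAL), ("long subject", LONG_SUBJECT),
                       ("folded To", FOLDED_TO)):
        print(label, oversized_fields(msg))
```
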

Impact:
A local user can cause denial of service conditions.

Solution:
The vendor has issued fixed versions (9.0.6.1000, 10.1).
The Symantec advisory is available at:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html

Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html

Cause: Boundary error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Wed, 11 Jul 2007 11:58:44 -0400
Subject: Symantec Client Security Internet E-mail Auto-Protect Stack Overflow

http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html
CVE-2006-3456