F-Secure patches its Messaging Security Gateway
F-Secure has released an update to close a vulnerability in its Messaging Security Gateway 5.5.x. The hole only affects systems where the SMTP Turbo module is activated, but when the module is active it is possible for an attacker to use the system as a mail relay by using specially crafted SMTO messages.
Spammers, for example, could make use of the vulnerability to send their emails. F-Secure notes that messages sent by making use of the vulnerability would still pass through the software's spam filter. The update will be installed automatically on systems left on their default settings.
See also:
- Security Advisory FSC-2009-2, advisory from F-Secure.
(djwm)