Symantec fixes bug in Mail Security for SMTP
Symantec has published a patch for Mail Security for SMTP to fix a bug that occurs during mail header processing. Manipulated headers may crash the service; according to US-Cert, they might also be used to smuggle in and execute code on a vulnerable system. No detailed information is provided on this problem. It affects version 5.0 up to and including patch 172 for Windows, Linux and Solaris. Patch 175 fixes this bug.
- Symantec Mail Security for SMTP arbitrary code execution vulnerability, Bug report from US-CERT
- Contents of Patch 175:, Release notes from Symantec
(ehe)