Friday 2 March 2007

Drop Everything and Patch Symantec Mail Security for SMTP

Running Symantec Mail Security for SMTP? Stop what you're doing and download the patch (patch 176 at the time of writing).

Seems like a craftily-crafted incoming message can cause a buffer overrun. This may lead to code execution. [Update: Symantec now confirms that they see no chance of arbitrary code execution, merely denial of service.]

Currently being exploited. The code in question tries to infiltrate a Microsoft SQL Server, presumably in order to steal passwords. Another good reason to segment your servers so that they each have a single role; perhaps using virtualization.

Of course, a patch for this bug has been available for eight months, but that doesn't seem to have stopped exploits causing some trouble over at Turner Broadcasting System.

So run: don't walk. More at US-CERT.

2 comments:

Anonymous said...

Based on my experience with this product, I would suggest to "Drop Symantec Mail Security for SMTP and look elsewhere". Since our company adopted this software, I cannot have a week without problems. Our local representative is only able to suggest waiting for the next patch, but for 10 months I have not been able to feel secure about the internet mail service going through this mediocre and unstable product.
Working on an HP server with more than 1Gb RAM, fast disk, dual processor, Win 2003. Reinstalled the OS 2 times, the product 3 times; I can no longer trust Symantec Mail Security for SMTP.

RB
Buenos Aires

Richi Jennings said...

RB, that's not been my experience of the product. I installed it for a client some time ago, and there's not been the sort of issues you described.

The fact that you're having to reinstall Windows several times indicates some wider problem to me.
