Article

Security Bytes: ISS warns of new Microsoft Windows flaw

SearchSecurity.com Staff
ISS warns of new Microsoft Windows flaw
Multiple versions of Microsoft Windows are vulnerable to a NULL pointer dereference error in the server driver, which attackers could exploit to crash a system using a specially crafted network packet. Atlanta-based vendor Internet Security Systems' (ISS) X-Force uncovered the glitch and released details Friday in an

    Requires Free Membership to View

advisory, warning that an exploit is available in the wild.

"Attackers can reliably cause Microsoft Windows to [go to a] blue screen," ISS said. "Users must reboot to recover from the crash … As of this writing no patch is available for the vulnerability."

ISS said the security hole affects:

  • Microsoft Windows 2000 SP4
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 Itanium
  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows Server 2003 SP1 Itanium
  • Microsoft Windows Server 2003 x64 Edition
  • Microsoft Windows XP Pro x64 Edition
  • Microsoft Windows XP SP1
  • Microsoft Windows XP SP2

    Symantec fixes Brightmail AntiSpam flaw
    Cupertino, Calif.-based antivirus giant Symantec Corp. has fixed multiple flaws in its Brightmail AntiSpam product. Attackers could exploit the flaws to read or modify confidential system information, Symantec said in an advisory.

    "Symantec Brightmail AntiSpam fails to fully sanitize file names passed to the DATABLOB-GET / DATABLOB-SAVE requests of directory traversal sequences," Symantec said. "This directory traversal vulnerability could result in confidential system information being exposed."

    During the installation of email scanners, Symantec said three options are given for identifying the Brightmail AntiSpam control center that will control the scanner. The first option is a local control center. The second option is to identify the control center by its IP address, and the third option allows the control center to connect from any computer.

    Symantec said the third option could allow an attacker to impersonate the control center, exposing the following vulnerabilities:

  • The Brightmail AntiSpam service can be hung by sending invalid posts, causing a denial of service.
  • By combining with the directory traversal vulnerability, some system files can be read.
  • By combining with the directory traversal vulnerability, it is possible to overwrite existing files on the same drive as Symantec Brightmail AntiSpam.

    The solution is to upgrade to Symantec Brightmail AntiSpam version 6.0.4 or to Symantec Mail Security (SMS) for SMTP version 5.0.


  • There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: