Symantec BrightMail AntiSpam security patch

Security firm Symantec has released patches to fix security bugs in BrightMail AntiSpam product.

In the security warning message, the application developer said that the corrected security errors this time could be exploited to steal data, attack denial of service or reveal sensitive information of user.

However, security firm Secunia ranked security errors in Symantec BrightMail AntiSpam at an average level.

The application developer said the security error in BrightMail AntiSpam arises because the application cannot completely clean the names of the files transferred via the DATABLOB-GET / DATABLOB-SAVE request of the transfer directory.

" Security flaws in the transfer directory can cause sensitive system information to be disclosed, " Symantec said.

Meanwhile, the second security bug affects BrightMail AntiSpam Control Center - an email scanning application.

During the installation of the email scanning application, if the user chooses to allow Control Center to connect to any computer, the security error will open the hackers remotely to control the Control Center.

Symantec said hackers could send inaccurate information to the anti-spam application service to cause conditions to give up a denial of service attack.

The developer said that if combined with the above two security errors, the system files could be overwritten.

Symantec BrightMail AntiSpam products from version 4.x to 6.x have all the above security errors. Symantec recommends that users upgrade to version 6.0.4 or Symantec Mail Security For SMTP 5.0 as soon as possible.

Hoang Dung