---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Symantec Brightmail AntiSpam Static Database Password SECUNIA ADVISORY ID: SA15562 VERIFY ADVISORY: http://secunia.com/advisories/15562/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From local network SOFTWARE: Symantec Brightmail AntiSpam 4.x http://secunia.com/product/4627/ Symantec Brightmail AntiSpam 5.x http://secunia.com/product/4628/ Symantec Brightmail AntiSpam 6.x http://secunia.com/product/3656/ DESCRIPTION: A security issue has been reported in Symantec Brightmail AntiSpam, which can be exploited by malicious people to bypass security restrictions. The security issue is caused due to a static database administration password, which can be exploited to gain administrative access to the database containing quarantined messages for review and certain configuration information (only version 6.0 and later). NOTE: In version 6.0, administrative access was restricted to localhost. However, this restriction is not present on systems prior to this version and is also not imposed on prior versions upgraded to version 6.0 without a clean install. SOLUTION: Update to version 6.0.2. http://www.symantec.com/techsupp/ PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.05.31a.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------