---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Symantec Products Internet Email Scanning Denial of Service SECUNIA ADVISORY ID: SA36493 VERIFY ADVISORY: http://secunia.com/advisories/36493/ DESCRIPTION: A vulnerability has been reported in multiple Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing email messages and can be exploited to disable an email client by placing it in an infinite loop where unsuccessful email retrievals are repeatedly attempted. Successful exploitation requires that the "Internet Email Scanning" feature is installed and enabled (not the default for Symantec AntiVirus and Symantec Client Security). The vulnerability is reported in the following products and versions: * Norton AntiVirus 2005 through 2008 * Norton Internet Security 2005 through 2008 * Symantec AntiVirus Corporate Edition 10.2 MR2 and earlier, 10.1 MR7 and earlier, 10.0, 9.0 MR6 and earlier * Symantec Client Security versions 2.0 MR6 and earlier, 3.0, and 3.1 MR7 and earlier SOLUTION: Norton AntiVirus 2005 through 2008: Run LiveUpdate in interactive mode. Norton Internet Security 2005 through 2008: Run LiveUpdate in interactive mode. Symantec AntiVirus Corporate Edition versions 9.0 MR6 and earlier: Update to version 9.0 MR7 or later. Symantec AntiVirus Corporate Edition version 10.0: Update to version 10.1 MR8 or later. Symantec AntiVirus Corporate Edition versions 10.1 MR7 and earlier: Update to version 10.1 MR8 or later. Symantec AntiVirus Corporate Edition versions 10.2 MR2 and earlier: Update to version 10.2 MR3 or later. Symantec Client Security versions 2.0 MR6 and earlier: Update to version 2.0 MR7 or later. Symantec Client Security version 3.0: Update to version 3.1 MR8 or later. Symantec Client Security 3.1 MR7 and earlier: Update to version 3.1 MR8 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mark Litchfield of Next Generation Security Software. ORIGINAL ADVISORY: Symantec (SYM09-012): http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------