Description: A vulnerability with an unknown impact has been reported in Sophos MailMonitor.
The vulnerability is caused by an unspecified error within the processing of malformed emails.
The vulnerability has been reported in MailMonitor for SMTP - Unix version 2.1.
Solution: Apply updates.
Symantec LiveUpdate Zip Decompression Routine May Let Users Deny Service
Version(s): 1.80.19, 2.5.56
Description: A vulnerability was reported in Symantec LiveUpdate, a component of several Symantec security products. A user may be able to cause denial of service conditions in certain cases.
HexView reported that the LiveUpdate decompression routine does not check for uncompressed file sizes before attempting to decompress a downloaded LiveUpdate zip file and does not properly validate directory names before creating the directories on the target system.
A user that can replace a downloaded zip archive (or spoof the Symantec site) can cause denial of service conditions if the zip archive is crafted to contain an overly large file. The user can also cause arbitrary directories to be created on the target system by including directory names that contain '..' directory traversal characters. LiveUpdate will not, however, overwrite existing files. If the directory name to be created already exists, this can cause LiveUpdate to crash or have unpredictable results.
The report indicates that LiveUpdate version 1.80.19 will delete its temporary files if an error occurs, but not any directories that were created. LiveUpdate version 2.5.56 will not delete files when an error occurs.
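The three weaknesses described above (no check on declared uncompressed size, no validation of entry names containing '..', and directories left behind after an error) are the classic pitfalls of an update downloader's unpack step. The following is an added example of a hardened extraction routine, written for this entry; it is not Symantec's code and does not reflect how LiveUpdate is implemented. It validates every central-directory entry before writing a single byte, caps the size budget and expansion ratio (the limits `MAX_TOTAL_UNCOMPRESSED` and `MAX_ENTRY_RATIO` are assumed policy values), refuses to overwrite existing files, and rolls back every file and directory it created if any step fails. It goes slightly beyond the advisory by also rejecting absolute paths, backslashes and drive letters, which are other ways an entry name can escape the extraction root.

```python
import io
import os
import posixpath
import zipfile

MAX_TOTAL_UNCOMPRESSED = 50 * 1024 * 1024  # assumed policy: 50 MiB per archive
MAX_ENTRY_RATIO = 200                       # assumed policy: reject >200x expansion


class UnsafeArchive(ValueError):
    """Raised when an archive fails validation before or during extraction."""


def safe_member_name(name: str) -> bool:
    """Reject names that could escape the extraction root: absolute paths,
    backslashes, drive letters, and any '..' path component."""
    if not name or "\\" in name or posixpath.isabs(name):
        return False
    if len(name) > 1 and name[1] == ":":      # C:... style Windows path
        return False
    return ".." not in name.split("/")


def check_archive(zf: zipfile.ZipFile) -> int:
    """Validate every central-directory entry before anything is written.
    Returns the total declared uncompressed size."""
    total = 0
    for info in zf.infolist():
        if not safe_member_name(info.filename):
            raise UnsafeArchive(f"unsafe entry name: {info.filename!r}")
        total += info.file_size
        if total > MAX_TOTAL_UNCOMPRESSED:
            raise UnsafeArchive("declared uncompressed size exceeds budget")
        if info.compress_size and info.file_size > MAX_ENTRY_RATIO * info.compress_size:
            raise UnsafeArchive(f"suspicious compression ratio: {info.filename!r}")
    return total


def _missing_dirs(path: str, root: str) -> list:
    """Directories between root and path that do not exist yet, outermost first."""
    missing = []
    root = os.path.abspath(root)
    while os.path.abspath(path) != root and not os.path.exists(path):
        missing.append(path)
        path = os.path.dirname(path)
    return list(reversed(missing))


def safe_extract(data: bytes, dest: str) -> list:
    """Extract the zip archive in `data` into the existing directory `dest`.
    Never overwrites existing files, enforces declared sizes while streaming,
    and removes everything it created if any step fails.
    Returns the list of paths (files and directories) it created."""
    created = []                              # what we made, in creation order
    root = os.path.abspath(dest)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            check_archive(zf)                 # header checks first: nothing written yet
            for info in zf.infolist():
                parts = [p for p in info.filename.split("/") if p not in ("", ".")]
                target = os.path.normpath(os.path.join(root, *parts))
                # belt-and-braces: the resolved path must stay under the root
                if os.path.commonpath([root, target]) != root:
                    raise UnsafeArchive(f"entry escapes root: {info.filename!r}")
                parent = target if info.is_dir() else os.path.dirname(target)
                for d in _missing_dirs(parent, root):
                    os.mkdir(d)               # fails if a file already sits there
                    created.append(d)
                if info.is_dir():
                    continue
                # "x" mode: refuse to overwrite an existing file
                with zf.open(info) as src, open(target, "xb") as dst:
                    created.append(target)
                    copied = 0
                    while chunk := src.read(65536):
                        copied += len(chunk)
                        if copied > info.file_size:
                            raise UnsafeArchive("entry grew past its declared size")
                        dst.write(chunk)
    except Exception:
        # roll back files first, then directories (newest first)
        for path in reversed(created):
            if os.path.isdir(path):
                os.rmdir(path)
            else:
                os.unlink(path)
        raise
    return created
```

The header pass (`check_archive`) is what closes the size hole: the declared sizes in the central directory are cheap to sum, so the budget decision is made before any decompression. The streaming cap inside `safe_extract` catches an archive whose actual payload disagrees with its header, and the rollback list addresses the cleanup behaviour the report describes, since directories are removed along with files when extraction aborts.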
[Editor's note: The report did not indicate if the Symantec download site uses cryptographic mechanisms to prevent spoofing or man-in-the-middle attacks.]
The vendor was notified on November 3, 2004.
Impact: A user may be able to cause denial of service conditions on the target system, such as consuming large amounts of disk space or triggering an error in LiveUpdate.
Solution: No solution was available at the time of this entry.