Symantec Advisory SYM09-012 on Norton and Symantec Client Security
Security Advisories Relating to Symantec Products - Norton AntiVirus and Symantec Client Security Email Denial of Service Vulnerability
Risk Impact: Low
Overview
Norton AntiVirus and Symantec Client Security are susceptible to an email Denial of Service (DoS) attack, which could be triggered by a specially crafted email message.
Affected Products
Norton AntiVirus 2005 through 2008
Norton Internet Security 2005 through 2008
Symantec AntiVirus Corporate Edition 9.0 MR6 and earlier, 10.0 all versions, 10.1 MR7 and earlier, 10.2 MR2 and earlier
Symantec Client Security 2.0 MR6 and earlier, 3.0 all versions, 3.1 MR7 and earlier
Details
Next Generation Security Software notified Symantec that a specially crafted email could potentially create a Denial of Service (DoS) condition on an end user system. The malicious message would require a significantly longer than normal time to process, which could cause the client system to lose connection with the mail server. The email client will try to download the message again the next time it connects to the mail server, and again lose connection. This cycle would be repeated until the malicious message was deleted from the mail server.
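As an added example (not part of Symantec's advisory), the following sketch shows how a mail administrator could spot the message that has to be deleted from the server to break the retry cycle described above. The log format, event names and sample lines are constructed for illustration and are assumptions; a real mail server log needs its own parser.

```python
import re
from collections import defaultdict

# Constructed sample in a hypothetical "<time> session=<id> user=<name> <event>" format.
SAMPLE_LOG = """\
2009-09-01T09:00:01 session=a1 user=alice RETR uid=msg-1041
2009-09-01T09:00:02 session=a1 user=alice RETR-DONE uid=msg-1041
2009-09-01T09:00:02 session=a1 user=alice RETR uid=msg-1042
2009-09-01T09:02:02 session=a1 user=alice DISCONNECT reason=timeout
2009-09-01T09:10:00 session=a2 user=alice RETR uid=msg-1042
2009-09-01T09:12:00 session=a2 user=alice DISCONNECT reason=timeout
2009-09-01T09:20:00 session=a3 user=alice RETR uid=msg-1042
2009-09-01T09:22:00 session=a3 user=alice DISCONNECT reason=timeout
2009-09-01T09:05:00 session=b1 user=bob RETR uid=msg-7
2009-09-01T09:07:00 session=b1 user=bob DISCONNECT reason=timeout
2009-09-01T09:15:00 session=b2 user=bob RETR uid=msg-7
2009-09-01T09:15:01 session=b2 user=bob RETR-DONE uid=msg-7
2009-09-01T09:15:02 session=b2 user=bob QUIT
"""

LINE = re.compile(
    r"^\S+ session=(?P<sid>\S+) user=(?P<user>\S+) "
    r"(?P<event>RETR-DONE|RETR|DISCONNECT|QUIT)(?: (?:uid|reason)=(?P<val>\S+))?$"
)

def stuck_messages(log_text, min_failures=3):
    """Return {(user, uid): n} for messages whose download timed out in
    n >= min_failures consecutive sessions without ever completing."""
    in_flight = {}               # session id -> (user, uid) currently downloading
    failures = defaultdict(int)  # (user, uid) -> consecutive timed-out downloads
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue             # ignore lines outside the assumed format
        sid, user, event, val = m["sid"], m["user"], m["event"], m["val"]
        if event == "RETR":
            in_flight[sid] = (user, val)
        elif event == "RETR-DONE":
            in_flight.pop(sid, None)
            failures.pop((user, val), None)  # a completed download ends the cycle
        elif event == "DISCONNECT":
            msg = in_flight.pop(sid, None)
            if msg and val == "timeout":     # dropped while a download was pending
                failures[msg] += 1
        elif event == "QUIT":
            in_flight.pop(sid, None)
    return {k: n for k, n in failures.items() if n >= min_failures}

if __name__ == "__main__":
    print(stuck_messages(SAMPLE_LOG))
```

A single timeout followed by a successful download (bob's message in the sample) is not reported, since an occasional dropped connection does not indicate the repeating cycle.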
Symantec Response
Symantec has confirmed that this issue exists in the products listed in the Affected Products table above. The vulnerability can be exploited only if the optional Internet Email Scanning feature is enabled on the user’s system.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
Mitigation
Internet Email Scanning is an optional feature which can be disabled if it is not being used. Disabling this feature prevents it from being exploited through this vulnerability.
Updating Norton products
Norton product users who launch and run LiveUpdate regularly have already received an update to address this issue. However, to ensure all available updates have been applied, users can manually launch and run LiveUpdate in interactive mode as follows:
Open any installed Norton product
Click LiveUpdate
Run LiveUpdate until all available product updates are downloaded and installed
A reboot may be required, depending on the existing patch level of the affected computer.
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01