| Short Name | APP:BRG-MAIL-US-PASS |
|---|---|
| Severity | Minor |
| Recommended | No |
| Category | APP |
| Keywords | BirghtMail-Anti-Spam-Access |
| Release Date | 2005/07/25 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability against Brightmail AntiSpam. Versions earlier than 6.0.2 are vulnerable. Attackers can exploit a hard-coded database administrator password vulnerability to bypass security restrictions and gain administrative access. This could allow attackers to modify the device behavior.

Symantec Brightmail AntiSpam is susceptible to a remote information disclosure vulnerability. The issue is due to the application failing to ensure that remote database access is disabled. In cases where the affected package was upgraded, rather than freshly installed, remote database access was not properly disabled. Remote access to the database may be simplified for attackers, as the database uses a static password. This vulnerability allows remote attackers to gain access to potentially sensitive database contents.