Brightmail AntiSpam bmagent Multiple Remote Vulnerabilities (DoS, Traversal)
High Nessus Plugin ID 22158
SynopsisThe remote web server is affected by multiple vulnerabilities.
DescriptionThe remote host is running Brightmail AntiSpam, an antispam and anti- virus filter for mail servers, and includes Brightmail Agent, a web server intended to be used by a Brightmail Control Center to manage the Brightmail Scanner.
The version of Brightmail Agent installed on the remote host does not require authentication and thus allows attackers to gain administrative control of the affected application. An attacker can exploit this issue to stop or disable the Brightmail Scanner's services, which could disrupt mail delivery for legitimate users; or to read and write to files associated with the application, which could result in the disclosure of sensitive information or reconfiguration of the application itself.
In addition, the Brightmail Agent suffers from a directory traversal vulnerability such that reads and writes are not limited to the application's directory. Successful exploitation of this issue may result in a complete compromise of the affected host since, under Windows, the application runs with LOCAL SYSTEM privileges.
SolutionEither restrict access to Brightmail Agent (refer to document id 2004123109522163 in Symantec's Support Knowledge Base) or upgrade to Symantec Brightmail AntiSpam 6.0.4 / Symantec Mail Security for SMTP 5.0 or later.