Needlessly abject

I am not a teenager. I play one on the Internet.


20061215

Symantec Owns Up-- Sorta, Kinda

Finally, Symantec has owned up to the problems we were seeing last week with the "Premium Anti-Spam" functionality in their Mail Security for Microsoft Exchange problem I blogged about last week. The rev of the article that I saw (last modified 20061206) looks really, really hurriedly written and error-filled ("Symantec Mail Security form Microsoft Exchange...", "<system drive>:\Program iles\Symantec...", poor capitalization of the name of the product in the "Solution" portion of the article).

I'm really disturbed that a flaw this serious was documented by Symantec on 20061201, but no effort was made to contact any Customers or to put the article in the knowledge-base. I have five (5) Customers with "Gold" support contracts (one with 800 seats), and nobody heard a thing from Symantec. When I searched on 20061207, I certainly didn't find this article in the Symantec knowledge-base.

It's helpful that Symantec doesn't identify the specific messages that you might see (except for an unhelpful dump of an event log message w/o the proper event parser DLL installed). In an effort to help people get to this article, I'll quote myself and others here, to see if search engines can help hook people up.

Application Log, Warning Event, Category None, ID: 1013, Source: W3SVC, A process serving application pool 'ExchangeApplicationPool' exceeded time limits during shut down. The process id was ####.
Application Log, Information Event, Category None, ID: 1082, Source: W3SVC, A worker process with pid '####' that serves application pool 'ExchangeApplicationPool' has been determined to be unhealthy (see previous event log message), but because a debugger is attached to it, the World Wide Web Publishing Service will ignore the error.
Application Log, Warning Event, Category None, ID: 1009, Source: W3SVC, A process serving application pool 'ExchangeApplicationPool' terminated unexpectedly. The process id was '5852'. The process exit code was '0xffffffff'.

It would be really interesting to get a sample of a message that overflows this buffer. I'm really interested to know if this buffer overflow is exploitable for more than just denial-of-service attacks. It would be absolutely wonderful to get word out to the trade press that Symantec sat on (and, really, is still sitting on) a remotely-exploitable buffer overflow in a major product like this. I'm frustrated that the tens of thousands of dollars per year that my Customers spend on this product funds this kind of idiocy. I'm definitely looking at strongly recommending a move to GFI email security and filtering applications, and away from this Symantec trash.

