Release notes for Patch 201 for Symantec Mail Security for SMTP 5

Article:TECH92939  |  Created: 2009-01-18  |  Updated: 2011-05-31  |  Article URL http://www.symantec.com/docs/TECH92939
Article Type
Technical Solution

Issue



You seek a copy of the release notes for patch 201 for Symantec Mail Security for SMTP 5.0.1


Solution



Patch 201 addresses a buffer overflow vulnerability in Symantec Mail Security
for SMTP 5.0.1

IMPORTANT: This is a patch to the Scanner component of Symantec Mail Security
for SMTP 5.0.1.

Patch 201 is exclusive of any other patches for SMS for SMTP 5.0.1 and has
been tested and verified against installations at a Patch 200 level. It is
suggested that you patch your installation to Patch 200 prior to installing
this patch to take advantage of important stability related fixes. This patch
should NOT be applied to any installation of SMS for SMTP 5.0.1 at a patch
level prior to P189.



Contents of Patch 201
---------------------

 36687, 36755
 Component: Scanner
 Platform: All
 Description:
 Autonomy KeyView WordPerfect File Font Descriptor Buffer Overflow Vulnerability
 
 Buffer overflow in wp6sr.dll/wp6sr.so and wpmsr.dll/spmsr.so in Autonomy
 (formerly Verity) KeyView, as used by Symantec SMS for SMTP 5.0.1, allows remote
 attackers to execute arbitrary code via a long Font Description name record with
 the privileges of the current user.

 This vulnerability exists within the files wp6sr.dll/wp6sr.so and
 wpmsr.dll/wpmsr.so which implement the processing of WordPerfect for Macintosh
 and WordPerfect for Windows documents. When processing certain records, data is
 copied from the file into a fixed-size stack buffer without ensuring that enough
 space is available. By overflowing the buffer, an attacker can overwrite control
 flow structures stored on the stack.

 Analysis:
 Exploitation allows attackers to execute arbitrary code with the privileges of
 the user. In order to exploit this vulnerability, an attacker must cause a
 specially crafted WordPerfect Document to be processed by an application
 using the Autonomy KeyView SDK.

 Application of Patch 201 eliminates this vulnerability.


Installation Instructions
=========================

It is recommended that you set each Scanner that you are patching to
temporarily reject incoming connections. It is also recommended that
you drain the message queues before you apply this patch, unless the
issues addressed in this patch resolve problems with messages that
are currently stuck in the queues.

Draining your message queues
----------------------------
To stop delivery and drain a Scanner's message queue

1.  In the Control Center, click Settings > Hosts.

2.  Check the box next to the Scanner and click Edit.

3.  Click Do not accept incoming messages.

4.  Click Save.

5.  Allow messages to drain from the queue.
   You can check message queue status in Status > Message Queues.

To re-enable message delivery (do this after you have installed the patch)

1.  In the Control Center, click Settings > Hosts.

2.  Check the box next to the Scanner and click Edit.

3.  Click Accept and deliver messages normally.

4.  Click Save.


Installation
------------
To install the patch, follow these steps:

Windows:

1.  Download the patch zip file (smssmtp501_p201_x86_win.zip)

2.  Log into the Control Center, stop the Filter Engine, then log
   out of the Control Center.

3.  Extract the archive over the existing copies of wp6sr.dll and wpmsr.dll
   which are stored in %INSTALL_DIR%\scanner\rules\verity\ on every scanner
   installation in your SMS for SMTP 5.0.1 deployment. (Note: you may want
   to back up your original copy of the files in case you run into any
   problems before you overwrite them.)

4.  Start the Filter Engine service from the Control Center.
   

UNIX:

1.  Download the patch tarball.

2.  Log into the Control Center, stop the Filter Engine, then log
   out of the Control Center.

3.  Uncompress, then unpack the tar file over the existing copies of wp6sr.so
   and wpmsr.so which are stored in $INSTALL_DIR/scanner/rules/verity/ on
   every scanner installation in your SMS for SMTP 5.0.1 deployment. (Note:
   you may want to back up your original copy of the files in case you run into
   any problems before you overwrite them.)

4.  Start the Filter Engine service from the Control Center.




Legacy ID



2009031808420654


Article URL http://www.symantec.com/docs/TECH92939


Terms of use for this information are found in Legal Notices