Security Community Blog

Info: DNS vulnerability in libSPF2

Created: 30 Oct 2008 • Updated: 02 Mar 2009
Ian McShane

On October 21st, Dan Kaminsky of DoxPara Research posted this blog entry about a vulnerability in the DNS text parsing in libSPF2, one of the available libraries used by MTAs to implement the Sender Policy Framework (SPF).

Fortunately for Symantec Brightmail customers, today we use a different library set for our SPF implementation: the similarly named libSPF.

Brightmail Gateway hasn't used libspf2 since the 4.x releases, a long way prior to this issue being discovered. The current Brightmail Gateway release is 7.7. Customers who are running the older 4.x release really should upgrade ASAP, as that version is long out of date and you won't be receiving the full benefits of our R&D.

--ian