[原文]The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters.
Symantec Brightmail Sieve Module Memory Exhaustion DoS
Remote / Network Access
Denial of Service
Loss of Availability
Brightmail AntiSpam contains a flaw that may allow a remote denial of service. The issue is because the Sieve module fails to recognize malformed RFC 822 MIME attachment boundaries and is triggered by an attacker sending several attachments with malformed boundaries causing Brightmail to consume large amounts of memory, and will result in loss of availability for the service.
Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.
Brightmail is reported prone to multiple remote denial of service vulnerabilities. These issues may allow an attacker to crash the application through malicious email messages.
Brightmail 6.0.1 is reported prone to these vulnerabilities.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com <mailto:firstname.lastname@example.org>.
Symantec has released a patch to address these issues: