Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Symantec Corporation Information for VU#697598

Date Notified:
Date Updated:
Statement Date:
Status Summary:Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Symantec has released a patch to correct this issue, available at: The notes for Patch 132 states:
    Changes included with Patch 132

    10757
    Component: spamhunter module
    Synopsis: spamhunter causes engine core dumps when trying to convert headers to UTF
    Platforms: all

    The character converters used by the Spamhunter and Language ID modules do not recognize certain valid character encoding sets, specifically ISO-8859-10, ISO-8859-13, ISO-8859-15 (nordic), and CP866 (russian). Previously, these modules assumed that a valid encoding meant the converter would recognize the character set. In the case of ISO-8859-10, when the converter did not recognize the character set, a crash would result. Patch 132 fixes this problem by allowing the parser to convert the data only if the converter recognizes the character set,
    and adds recognition for the character sets listed above.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization
Disclaimers and copyright information