[Dshield] High-risk vulnerabilities found in Symantec security products

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Apr 22 13:21:20 GMT 2004


High-risk vulnerabilities found in Symantec security products

FYI for those concerned:

SYM04-007 
April 20, 2004 
Symantec Client Firewall Denial of Service Vulnerability
Risk Impact High

Overview
eEye Digital Security notified Symantec Corporation of a severe Denial
of Service vulnerability they discovered in the Symantec Client Firewall
products for Windows. By properly exploiting this issue, an attacker
could render the targeted system inoperable. 

Affected Components
Consumer:
Symantec Norton Internet Security and Professional 2003, 2004
Symantec Norton Personal Firewall 2003, 2004
Corporate:
Symantec Client Firewall 5.01, 5.1.1
Symantec Client Security 1.0 and 1.1

Details
eEye Digital Security notified Symantec of a Denial of Service
vulnerability they found during product testing against Symantec's
client firewall applications. By directing a specifically formatted TCP
attack against a target system running a vulnerable Symantec
application, an attacker can cause a complete system halt. As a result,
the targeted system would require a system reboot to clear the problem.

Symantec Response
Symantec confirmed the vulnerability reported by eEye Digital Security.
Symantec product engineers have developed fixes for the issue and
released patches for all impacted products through Symantec LiveUpdate
and technical support channels.

http://www.sarc.com/avcenter/security/Content/2004.04.20.html


Vendor:
Symantec

Description:
A remotely-exploitable vulnerability that allows an anonymous attacker
to execute a severe denial-of-service attack against systems running
default installations of the affected software.

Severity:
High

Remote Code Execution:
No

Software Affected:
Norton Internet Security 2004
Norton Internet Security 2004 Professional
Norton Personal Firewall 2004

Operating Systems Affected:
All applicable platforms.

http://www.eeye.com/html/Research/Upcoming/20040309.html


Secunia Advisory:SA11102
Release Date:2004-04-22
Critical: Moderately critical
Impact:DoS
Where:From remote

Software:
Norton Internet Security 2003
Norton Internet Security 2003 Professional
Norton Internet Security 2004
Norton Internet Security 2004 Professional
Norton Personal Firewall 2003
Norton Personal Firewall 2004
Symantec Client Firewall 5.x
Symantec Client Security 1.x

CVE reference:CAN-2004-0375

Description:
eEye Digital Security has discovered a vulnerability in various Symantec
Client Firewall products, which can be exploited by malicious people to
cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when handling
certain TCP traffic.

Successful exploitation halts the user's system rendering it inoperable.

The vulnerability affects the following products:
* Symantec Norton Internet Security and Professional 2003, 2004
* Symantec Norton Personal Firewall 2003, 2004
* Symantec Client Firewall 5.01, 5.1.1
* Symantec Client Security 1.0 and 1.1

Solution:
Patches are available via the LiveUpdate feature and technical support
channels.

http://secunia.com/advisories/11102/


Happy updating

- Pete


        "Doubt is not a pleasant condition, but certainty is absurd."
 Voltaire (1694-1778); French author, humanist, rationalist, & satirist.





More information about the list mailing list