[Dshield] FW: Your last message to me was rejected.

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Apr 22 16:20:19 GMT 2004


(Received this rejected message from postmaster at temmc.com, forwarded further below)

FYI-

Might distinguished DShield General Discussion List subscribers if necessary please white list
respective posts in order to avoid positive false detections?

Please accept apology if you actually regard the post as spam or unsolicited mail (or otherwise
offensive).

- Pete


  "Don't play for safety -- it's the most dangerous thing in the world."
    Sir Hugh Walpole (1884-1941); New Zealand-born, English writer.



postmaster at temmc.com <mailto:postmaster at temmc.com> wrote on Thursday, April 22, 2004 5:28 PM UTC+3

|  Your mail with Subject: [Dshield] High-risk vulnerabilities found in Symantec security
| 	products
| 
| 
| 
|   would appear to be unsolicited mail.
| 
|  Your message was sent to: "DShield General DShield Discussion List" <list at lists.dshield.org>
|  If you intended to contact that person for legitimate reasons then our apologies.
| 
|  Please would you resend to the same address
|  but add real- to the e-mail address, and it will bypass the filters.
|  For example, bobm at example.com would become real-bobm at example.com. Thank you.
| 
|  Postmaster
| 
|  Here is the messageID for postmaster reference: 1BGfBP-0000xl-0H:
| 
| ------ This is a copy of the message, including all the headers. ------
| 
| Received: from root by spamkill.temmc.com with spam-scanned (Exim 4.30)
| 	id 1BGfBP-0000xl-0H
| 	for jlinscot at temmc.com; Thu, 22 Apr 2004 09:28:10 -0500
| Received: from localhost by spamkill.temmc.com
| 	with SpamAssassin (2.63-myrules1 2004-01-11);
| 	Thu, 22 Apr 2004 09:28:10 -0500
| From: "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com>
| To: "DShield General DShield Discussion List" <list at lists.dshield.org>
| Subject: [Dshield] High-risk vulnerabilities found in Symantec security
| 	products
| Date: Thu, 22 Apr 2004 16:21:20 +0300
| Message-Id:
| 	<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAYv/ZE2OLc0aVaSu3sdpM1MKAAAAQAAAAANRBsnM1aku8IFaORxSsowEAAAAA at welho.com>
| X-Spam-Pyzor:
| X-Spam-Level: *****
| X-Spam-Status: Yes, hits=5.0 required=5.0 tests=J_CHICKENPOX_54,
| 	J_CHICKENPOX_63,RCVD_IN_SORBS autolearn=no version=2.63-myrules1
| X-Spam-DCC: :
| X-Spam-Test-Scores: J_CHICKENPOX_54=1.6,J_CHICKENPOX_63=1.6,RCVD_IN_SORBS=1.8
| X-Spam-Checker-Version: SpamAssassin 2.63-myrules1 (2004-01-11) on
| 	spamkill.temmc.com
| X-Spam-Flag: YES
| MIME-Version: 1.0
| Content-Type: multipart/mixed; boundary="----------=_4087D67A.08E51731"
| 
| This is a multi-part message in MIME format.
| 
| ------------=_4087D67A.08E51731
| Content-Type: text/plain
| Content-Disposition: inline
| Content-Transfer-Encoding: 8bit
| 
| Spam detection software, running on the system "spamkill.temmc.com", has
| identified this incoming email as possible spam.  The original message
| has been attached to this so you can view it (if it isn't spam) or block
| similar future email.  If you have any questions, see
| postmaster at temmc.com for details.
| 
| Content preview:  High-risk vulnerabilities found in Symantec security
|   products FYI for those concerned: SYM04-007 April 20, 2004 Symantec
|   Client Firewall Denial of Service Vulnerability Risk Impact High [...]
| 
| Content analysis details:   (5.0 points, 5.0 required)
| 
|  pts rule name              description
| ---- ---------------------- --------------------------------------------------
|  1.6 J_CHICKENPOX_54        BODY: 5alpha-pock-4alpha
|  1.6 J_CHICKENPOX_63        BODY: 6alpha-pock-3alpha
|  1.8 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
|                             [213.243.137.250 listed in dnsbl.sorbs.net]
| 
| 
| 
| ------------=_4087D67A.08E51731
| Content-Type: message/rfc822; x-spam-type=original
| Content-Description: original message before SpamAssassin
| Content-Disposition: inline
| Content-Transfer-Encoding: 8bit
| 
| Received: from chihub2.truenorth.com ([170.200.92.68])
| 	by spamkill.temmc.com with esmtp (Exim 4.30)
| 	id 1BGfBL-0000xU-Rn
| 	for jlinscot at temmc.com; Thu, 22 Apr 2004 09:28:04 -0500
| Received: from chiscan2.interpublic.com ([170.200.92.68]) by
|           chihub2.truenorth.com (Netscape Messaging Server 4.15) with
|           ESMTP id HWKWGL02.AD2 for <jlinscot at temmc.com>; Thu, 22 Apr 2004
|           10:31:33 -0500
| Received: from chiscan2.interpublic.com (localhost.localdomain [127.0.0.1])
| 	by chiscan2proxy.interpublic.com (Postfix) with ESMTP id CED8173C64
| 	for <jlinscot at temmc.com>; Thu, 22 Apr 2004 10:31:32 -0500 (CDT)
| Received: from mail.giac.net (mail1.giac.net [65.173.218.103])
| 	by chiscan2.interpublic.com (Postfix) with SMTP id AECB473C72
| 	for <jlinscot at temmc.com>; Thu, 22 Apr 2004 10:31:32 -0500 (CDT)
| Received: (qmail 29960 invoked from network); 22 Apr 2004 15:31:32 -0000
| Received: from  (HELO dshield.com) (@)
|   by 0 with SMTP; 22 Apr 2004 15:31:32 -0000
| Received: from maverick12.sans.org (localhost.localdomain [127.0.0.1])
| 	by dshield.com (8.11.6/8.11.6) with ESMTP id i3MFMoi30430;
| 	Thu, 22 Apr 2004 15:22:50 GMT
| Received: from mail.giac.net (iceman1 [65.173.218.103])
| 	by dshield.com (8.11.6/8.11.6) with SMTP id i3MDLLi24186
| 	for <list at lists.dshield.org>; Thu, 22 Apr 2004 13:21:22 GMT
| Received: (qmail 10396 invoked from network); 22 Apr 2004 13:21:21 -0000
| Received: from smtp2.pp.htv.fi (213.243.153.14)
| 	by 0 with SMTP; 22 Apr 2004 13:21:21 -0000
| Received: from posti.pp.htv.fi (posti.pp.htv.fi [212.90.64.50])
| 	by smtp2.pp.htv.fi (Postfix) with ESMTP id 944DE29728A
| 	for <list at lists.dshield.org>; Thu, 22 Apr 2004 16:21:20 +0300 (EEST)
| Received: from DDH5170J (cs137250.pp.htv.fi [213.243.137.250])
| 	by posti.pp.htv.fi (8.11.1 (Revision 1.5+JAGae91741+JAGae92668)
| 	/8.11.1) with ESMTP id i3MDLJh26395
| 	for <list at lists.dshield.org>; Thu, 22 Apr 2004 16:21:20 +0300 (EETDST)
| From: "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com>
| To: "DShield General DShield Discussion List" <list at lists.dshield.org>
| Date: Thu, 22 Apr 2004 16:21:20 +0300
| Organization: Inertia Oy
| Message-ID:
| 	<!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAYv/ZE2OLc0aVaSu3sdpM1MKAAAAQAAAAANRBsnM1aku8IFaORxSsowEAAAAA at welho.com>
| MIME-Version: 1.0
| Content-Type: text/plain;
| 	charset="us-ascii"
| X-Priority: 3 (Normal)
| X-MSMail-Priority: Normal
| X-Mailer: Microsoft Outlook, Build 10.0.6626
| Importance: Normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
| X-MIME-Autoconverted: from quoted-printable to 8bit by dshield.com id
| 	i3MDLLi24186
| X-Mailman-Approved-At: Thu, 22 Apr 2004 15:01:30 +0000
| Subject: [Dshield] High-risk vulnerabilities found in Symantec security
| 	products
| X-BeenThere: list at lists.dshield.org
| X-Mailman-Version: 2.1.4
| Precedence: list
| Reply-To: General DShield Discussion List <list at lists.dshield.org>
| List-Id: General DShield Discussion List <list.lists.dshield.org>
| List-Unsubscribe: <http://www.dshield.org/mailman/listinfo/list>,
| 	<mailto:list-request at lists.dshield.org?subject=unsubscribe>
| List-Archive: <http://www.dshield.org/pipermail/list>
| List-Post: <mailto:list at lists.dshield.org>
| List-Help: <mailto:list-request at lists.dshield.org?subject=help>
| List-Subscribe: <http://www.dshield.org/mailman/listinfo/list>,
| 	<mailto:list-request at lists.dshield.org?subject=subscribe>
| Sender: list-bounces at lists.dshield.org
| Errors-To: list-bounces at lists.dshield.org
| Content-Transfer-Encoding: quoted-printable
| X-Removed-Priv-SA-Headers:True
| X-Spam-Flag-tm: TM-Spam-Flag
| 
| 
| High-risk vulnerabilities found in Symantec security products
| 
| FYI for those concerned:
| 
| SYM04-007
| April 20, 2004
| Symantec Client Firewall Denial of Service Vulnerability
| Risk Impact High
| 
| Overview
| eEye Digital Security notified Symantec Corporation of a severe Denial
| of Service vulnerability they discovered in the Symantec Client Firewall
| products for Windows. By properly exploiting this issue, an attacker
| could render the targeted system inoperable.
| 
| Affected Components
| Consumer:
| Symantec Norton Internet Security and Professional 2003, 2004
| Symantec Norton Personal Firewall 2003, 2004
| Corporate:
| Symantec Client Firewall 5.01, 5.1.1
| Symantec Client Security 1.0 and 1.1
| 
| Details
| eEye Digital Security notified Symantec of a Denial of Service
| vulnerability they found during product testing against Symantec's
| client firewall applications. By directing a specifically formatted TCP
| attack against a target system running a vulnerable Symantec
| application, an attacker can cause a complete system halt. As a result,
| the targeted system would require a system reboot to clear the problem.
| 
| Symantec Response
| Symantec confirmed the vulnerability reported by eEye Digital Security.
| Symantec product engineers have developed fixes for the issue and
| released patches for all impacted products through Symantec LiveUpdate
| and technical support channels.
| 
| http://www.sarc.com/avcenter/security/Content/2004.04.20.html
| 
| 
| Vendor:
| Symantec
| 
| Description:
| A remotely-exploitable vulnerability that allows an anonymous attacker
| to execute a severe denial-of-service attack against systems running
| default installations of the affected software.
| 
| Severity:
| High
| 
| Remote Code Execution:
| No
| 
| Software Affected:
| Norton Internet Security 2004
| Norton Internet Security 2004 Professional
| Norton Personal Firewall 2004
| 
| Operating Systems Affected:
| All applicable platforms.
| 
| http://www.eeye.com/html/Research/Upcoming/20040309.html
| 
| 
| Secunia Advisory:SA11102
| Release Date:2004-04-22
| Critical: Moderately critical
| Impact:DoS
| Where:From remote
| 
| Software:
| Norton Internet Security 2003
| Norton Internet Security 2003 Professional
| Norton Internet Security 2004
| Norton Internet Security 2004 Professional
| Norton Personal Firewall 2003
| Norton Personal Firewall 2004
| Symantec Client Firewall 5.x
| Symantec Client Security 1.x
| 
| CVE reference:CAN-2004-0375
| 
| Description:
| eEye Digital Security has discovered a vulnerability in various Symantec
| Client Firewall products, which can be exploited by malicious people to
| cause a DoS (Denial of Service).
| 
| The vulnerability is caused due to an unspecified error when handling
| certain TCP traffic.
| 
| Successful exploitation halts the user's system rendering it inoperable.
| 
| The vulnerability affects the following products:
| * Symantec Norton Internet Security and Professional 2003, 2004
| * Symantec Norton Personal Firewall 2003, 2004
| * Symantec Client Firewall 5.01, 5.1.1
| * Symantec Client Security 1.0 and 1.1
| 
| Solution:
| Patches are available via the LiveUpdate feature and technical support
| channels.
| 
| http://secunia.com/advisories/11102/
| 
| 
| Happy updating
| 
| - Pete
| 
| 
|         "Doubt is not a pleasant condition, but certainty is absurd."
|  Voltaire (1694-1778); French author, humanist, rationalist, & satirist.
| 
| 
| _______________________________________________
| list mailing list
| list at lists.dshield.org
| To change your subscription options (or unsubscribe), see:
| http://www.dshield.org/mailman/listinfo/list
| 
| 
| ------------=_4087D67A.08E51731--



