<<< Date Index >>>     <<< Thread Index >>>

RE: [Full-Disclosure] EEYE: Symantec Multiple Firewall TCP Options Denial of Service



On 04/23/2004:  eEye Digital Security posted:

eE"Derek Soeder" <dsoeder@xxxxxxxx> 
Sent by: full-disclosure-admin@xxxxxxxxxxxxxxxx
04/23/2004 01:36 PM


Symantec Multiple Firewall TCP Options Denial of Service

Release Date:
April 23, 2004

Date Reported:
March 9th, 2004

Severity:
High (Remote Denial of Service)

Vendor:
Symantec


------------------snip---------------------------


Symantec Security Advisory

SYM04-007

20 April, 2004 
Symantec Client Firewall Denial of Service Vulnerability 

Revision History
none

Risk Impact
High

Overview
eEye Digital Security notified Symantec Corporation of a severe Denial of 
Service vulnerability they discovered in the Symantec Client Firewall 
products for Windows. By properly exploiting this issue, an attacker could 
render the targeted system inoperable.

Affected Components
Retail:
Symantec Norton Internet Security and Professional 2003, 2004
Symantec Norton Personal Firewall 2003, 2004

Corporate:
Symantec Client Firewall 5.01, 5.1.1
Symantec Client Security 1.0 and 1.1

Details
eEye Digital Security notified Symantec of a Denial of Service 
vulnerability they found during product testing against Symantec’s client 
firewall applications.  By directing a specifically formatted TCP attack 
against a target system running a vulnerable Symantec application, an 
attacker can cause a complete system halt.  As a result, the targeted 
system would require a system reboot to clear the problem.

Symantec Response
Symantec confirmed the vulnerability reported by eEye Digital Security. 
Symantec product engineers have developed fixes for the issue and released 
patches for all impacted products through Symantec LiveUpdate and 
technical support channels. 

Clients using retail versions of Symantec Norton Internet Security and 
Symantec Norton Personal Firewall who regularly run Symantec LiveUpdate 
should already be protected against this issue.  However, to be sure they 
are fully protected, customers should run Symantec LiveUpdate manually to 
ensure all available updates are installed.
Open any installed Symantec product
Click on LiveUpdate in the toolbar
Run LiveUpdate until Symantec LiveUpdate indicated that all installed 
Symantec products are up-to-date

Clients running corporate versions of Symantec Client Firewall or Symantec 
Client Security should download and apply patches obtained through their 
appropriate support channels.

Symantec is not aware of any active attempts against or customer impact 
from this issue. 

CVE
The Common Vulnerabilities and Exposures (CVE) initiative has assigned 
Candidate CAN-2004-0375 to this issue. 
This is a candidate for inclusion in the CVE list (http://cve.mitre.org), 
which standardizes names for security problems.

Credit:
Symantec appreciates the cooperation of the eEye Digital Security research 
team in identifying this issue.

Symantec Product Security Contact:
Symantec takes the security and proper functionality of its products very 
seriously.  As founding members in the Organization for Internet Safety, 
Symantec follows the process of responsible disclosure.  Symantec also 
subscribes to the vulnerability guidelines outlined by the National 
Infrastructure Advisory Council (NIAC).  Please contact 
secure@xxxxxxxxxxxx if you feel you have discovered a potential or actual 
security issue with a Symantec product.

Symantec strongly recommends using encrypted email for reporting 
vulnerability information to secure@xxxxxxxxxxxxx  The Symantec Product 
Security PGP key can be obtained here.

A copy of this advisory can be found at 
http://securityresponse.symantec.com/avcenter/security/Content/2004.04.20.html

--------------------------------------------------------------------------------

Copyright (c) 2004 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as 
it is not edited in any way unless authorized by Symantec Security 
Response. Reprinting the whole or parts of this alert in any medium other 
than electronically requires permission from symsecurity@xxxxxxxxxxxxx

Disclaimer
The information in the advisory is believed to be accurate at the time of 
publishing based on currently available information. Use of the 
information constitutes acceptance for use in an AS IS condition. There 
are no warranties with regard to this information. Neither the author nor 
the publisher accepts any liability for any direct, indirect, or 
consequential loss or damage arising from use of, or reliance on, this 
information.

Symantec, Symantec products, and SymSecurity are registered trademarks of 
Symantec Corp. and/or affiliated companies in the United States and other 
countries. All other registered and unregistered trademarks represented in 
this document are the sole property of their respective companies/owners.