vulnerability in Symantec products

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: vulnerability in Symantec products
From: security@xxxxxxxxxxxxxx
Date: 26 Oct 2006 22:30:11 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Critical vulnerability was discovered in Symantec Internet Security 2005, 
posible afected products: Symantec Personal Firewall 2005, Symantec Internet 
Security 2004, Symantec Personal Firewall 2004,  Symantec Personal Firewall 
2003, Symantec Internet Security 2006, Symantec Personal Firewall 2006.

Defective program feature allows to establish remote connections undetected - 
thus creating a perfect exploit for trojans and hacker activities. Symantec 
products generally have a rule "Default outbound NetBIOS", allowing programs to 
establish direct IP connections on ports 137, 138, 139. Therefore, trojan 
programs can undetectably bypass Symantec firewall and connect on these ports 
to attacker's remote server. However, resolving IP from DNS will be detected by 
the firewall.

Solutions:
- Disable "Default outbound NetBIOS" rule
- Modify "Default outbound NetBIOS" rule and restrict connections only to LAN

--------------------------------------------------
DimichSoft Security Group
http://www.dimichsoft.com/security.html

Prev by Date: [ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow
Next by Date: Re: IE7 is a Source of Problem - Secunia IE7 Release Incident of October 2006
Previous by thread: [ GLSA 200610-13 ] Cheese Tracker: Buffer Overflow
Next by thread: Re: vulnerability in Symantec products
Index(es):
- Date
- Thread