Symantec Firewalls TCP attack denial of service
symantec-firewall-tcp-dos (15936)
Description:
Symantec Norton Internet Security and Professional, Symantec Norton Personal Firewall, Symantec Client Firewall, and Symantec Client Security are vulnerable to a denial of service. A remote attacker could send a TCP packet with malformed TCP options to a vulnerable system to cause the system to hang.
Consequences:
Denial of Service
Remedy:
For Symantec Norton Internet Security and Professional 2003 and 2004, and Symantec Norton Personal Firewall 2003 and 2004:
There is a fix available through Symantec LiveUpdate, as listed in Symantec Security Response SYM04-007. See References.
For Symantec Client Firewall 5.01, 5.1.1, and Symantec Client Security 1.0 and 1.1:
Apply the appropriate patches, as listed in Symantec Security Response SYM04-007. See References.
References:
- Full-Disclosure Mailing List, Fri Apr 23 2004 - 13:36:05 CDT: EEYE: Symantec Multiple Firewall TCP Options Denial of Service.
- Symantec Security Response SYM04-007: Symantec Client Firewall Denial of Service Vulnerability.
- BID-10204: Symantec Client Firewall SYMNDIS.SYS Driver Remote Denial Of Service Vulnerability
- BID-9912: Symantec Client Firewall Products SYMNDIS.SYS Driver Remote Denial Of Service Vulnerability
- CVE-2004-0375: SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.
- SECTRACK ID: 1009379: Symantec Norton Personal Firewall SYMNDIS.SYS TCP Options Parsing Flaw Lets Remote Users Deny Service
- SECTRACK ID: 1009380: Symantec Norton Internet Security SYMNDIS.SYS TCP Options Parsing Flaw Lets Remote Users Deny Service
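The CVE-2004-0375 entry above attributes the hang to an infinite loop on a TCP option followed by a length of zero. As an added example (not Symantec's code and not taken from the advisories; the function and constant names are hypothetical and the sample bytes are constructed), a TCP option walker that rejects such a length instead of looping on it:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Single-byte TCP option kinds: End of Option List and No-Operation. */
enum { OPT_EOL = 0, OPT_NOP = 1 };

/* Hypothetical result codes for this example. */
enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_BAD_LENGTH = -2 };

/* Walk the options area of a TCP header (the bytes after the fixed
 * 20-byte header). On success stores the number of options seen in
 * *count and returns WALK_OK; otherwise returns a negative code. */
int walk_tcp_options(const uint8_t *opts, size_t len, size_t *count)
{
    size_t i = 0, n = 0;

    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == OPT_EOL)
            break;                      /* end of list, rest is padding */
        if (kind == OPT_NOP) {          /* one byte, no length field */
            i++; n++;
            continue;
        }
        if (i + 1 >= len)
            return WALK_TRUNCATED;      /* kind present, length byte missing */
        uint8_t olen = opts[i + 1];
        /* The length counts the kind and length bytes themselves, so it
         * is never below 2. Advancing by a length of 0 would leave i
         * unchanged and the loop would never terminate. */
        if (olen < 2)
            return WALK_BAD_LENGTH;
        if (olen > len - i)
            return WALK_TRUNCATED;      /* option runs past the header */
        i += olen; n++;
    }
    *count = n;
    return WALK_OK;
}

int main(void)
{
    /* Constructed samples: MSS, NOP, NOP, SACK-permitted; then kind 5 with length 0. */
    const uint8_t good[] = { 2, 4, 0x05, 0xb4, 1, 1, 4, 2 };
    const uint8_t bad[]  = { 5, 0, 0, 0 };
    size_t n = 0;
    printf("good: %d\n", walk_tcp_options(good, sizeof good, &n));
    printf("bad:  %d\n", walk_tcp_options(bad, sizeof bad, &n));
    return 0;
}
```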
Platforms Affected:
- Symantec Client Firewall 5.01
- Symantec Client Firewall 5.1.1
- Symantec Client Security 1.0
- Symantec Client Security 1.1
- Symantec Norton Internet Security 2003
- Symantec Norton Internet Security 2004
- Symantec Norton Personal Firewall 2003
- Symantec Norton Personal Firewall 2004
Reported:
Apr 20, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
