6100 : Symantec Multiple Firewall DNS Response DoS
Printer | http://osvdb.org/6100 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
3	591	over 7 years ago	about 1 year ago	6 times	100%

Timeline

Discovery Date	Vendor Informed Date	Disclosure Date	Exploit Publish Date	Vendor Solution Date
2004-04-19	2004-04-19	2004-05-12	2004-05-12	2004-05-12

Time to Patch	Time to Exploit
23 days	23 days

Keywords

SYM04-008

Description

Symantec personal firewalls contain a flaw that may allow a remote attacker to freeze the system and force a reboot. The issue is due to DNS response validation code not properly handling malformed DNS packets. By sending a specially crafted single packet, an attacker can cause the system to enter an infinite loop within the kernel, effectively freezing the system. A system reboot would be required to resume normal operations.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Customers can obtain the update via the LiveUpdate utility:

1. Open any installed Symantec product
2. Click on LiveUpdate in the toolbar
3. Run LiveUpdate until Symantec LiveUpdate indicated that all installed Symantec products are up-to-date

Products

Symantec Corporation	Norton Internet Security	2002
		2003
		2004
	Norton Personal Firewall	2002
		2003
		2004
	Client Firewall	5.0.1
	Client Firewall	5.1.1
	Client Security	1.0
		1.1
		2.0(SCF 7.1)
	Norton AntiSpam	2004
	Norton Internet Security Professional	2002
		2003
		2004

References

CVE ID: 2004-0445 (see also: NVD)
Milw0rm: 299
Exploit Database: 299
Related OSVDB ID: 6099 6101 6102
Keyword: AD20040512B SYM04-008
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0131.html
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20040512B.html
http://www.eeye.com/html/Research/Advisories/AD20040512B.html [ Link is 404 ]
Vendor Specific Advisory URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html

Tools & Filters

Snort	2563 2564

Credit

CVSSv2 Score

CVSSv2 Base Score = 2.6
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Timeline

Keywords

Description

Classification

Solution

Products

Symantec Corporation

Norton Internet Security

Norton Personal Firewall

Client Firewall

Client Security

Norton AntiSpam

Norton Internet Security Professional