OSVDB ID: 6099

Title: Symantec Multiple Firewall NBNS Response Processing Overflow

Info

Disclosure
May 12, 2004

Discovery
Apr 19, 2004

Dates

Exploit
Unknown

Solution
May 12, 2004

Description

 A remote overflow exists in Symantec Norton Personal Firewall. The product fails to check bounds in the main NBNS processing routine and can be overflowed via overwritten index variable. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Customers can obtain the update via the LiveUpdate utility: 1. Open any installed Symantec product 2. Click on LiveUpdate in the toolbar 3. Run LiveUpdate until Symantec LiveUpdate indicated that all installed Symantec products are up-to-date

Products

Symantec Corporation

Client Firewall

 5.0.1
5.1.1

Client Security

 1.0
1.1
2.0(SCF 7.1)

Norton AntiSpam

 2004

Norton Internet Security

 2002
2003
2004

Norton Internet Security Professional

 2002
2003
2004

Norton Personal Firewall

 2002
2003
2004

References

Credit
  • Derek Soeder - dsoedereeye.com - eEye Digital Security


Direct URL: http://osvdb.org/6099