6102 : Symantec Multiple Firewall Remote DNS KERNEL Overflow
Printer | http://osvdb.org/6102 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
5	781	over 7 years ago	about 1 year ago	4 times	100%

Timeline

Discovery Date	Vendor Informed Date	Disclosure Date	Vendor Solution Date
2004-04-19	2004-04-19	2004-05-12	2004-05-12

Time to Patch
23 days

Keywords

SYM04-008

Description

Symantec personal firewalls contain a flaw that may allow a remote attacker to gain remote KERNEL access. The flaw is due to an overflow within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a specially crafted DNS Resource Record with an overly long canonical name, a stack-based buffer can be overflowed to execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Customers can obtain the update via the LiveUpdate utility:

1. Open any installed Symantec product
2. Click on LiveUpdate in the toolbar
3. Run LiveUpdate until Symantec LiveUpdate indicated that all installed Symantec products are up-to-date

Products

Symantec Corporation	Norton Internet Security	2002
		2003
		2004
	Norton Personal Firewall	2002
		2003
		2004
	Client Firewall	5.0.1
	Client Firewall	5.1.1
	Client Security	1.0
		1.1
		2.0(SCF 7.1)
	Norton AntiSpam	2004
	Norton Internet Security Professional	2002
		2003
		2004

References

CVE ID: 2004-0444 (see also: NVD)
Related OSVDB ID: 6099 6100 6101
Keyword: AD20040512D SYM04-008
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20040512D.html
http://www.eeye.com/html/Research/Advisories/AD20040512D.html [ Link is 404 ]
Vendor Specific Advisory URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html

Tools & Filters

Snort	14777 15972 16015 2563 2564

Credit

Barnaby Jack - eEye Digital Security

CVSSv2 Score

CVSSv2 Base Score = 10.0
Source: nvd.nist.gov | Generated: 2003-12-31 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Timeline

Keywords

Description

Classification

Solution

Products

Symantec Corporation

Norton Internet Security

Norton Personal Firewall

Client Firewall

Client Security

Norton AntiSpam

Norton Internet Security Professional