Lucene search

[email protected]CVE-2004-0445

HistoryJul 07, 2004 - 4:00 a.m.

CVE-2004-0445

2004-07-0704:00:00

[email protected]

web.nvd.nist.gov

symdns.sys

symantec

norton

internet security

professional

norton personal firewall

norton antispam

client firewall

client security

denial of service

cpu consumption

dns response vulnerability

remote attack

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.92 High

EPSS

Percentile

99.0%

JSON

The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.

Affected configurations

NVD

Node

symantecclient_firewallMatch5.01

symantecclient_firewallMatch5.1.1

symantecclient_securityMatch1.0

symantecclient_securityMatch1.1

symantecclient_securityMatch1.2

symantecclient_securityMatch1.3

symantecclient_securityMatch1.4

symantecclient_securityMatch1.5

symantecclient_securityMatch1.6

symantecclient_securityMatch1.7

symantecclient_securityMatch1.8

symantecclient_securityMatch1.9

symantecclient_securityMatch2.0

symantecnorton_antispamMatch2004

symantecnorton_internet_securityMatch2002

symantecnorton_internet_securityMatch2002pro

symantecnorton_internet_securityMatch2003

symantecnorton_internet_securityMatch2003pro

symantecnorton_internet_securityMatch2004

symantecnorton_internet_securityMatch2004pro

symantecnorton_personal_firewallMatch2002

symantecnorton_personal_firewallMatch2003

symantecnorton_personal_firewallMatch2004

CPENameOperatorVersion
symantec:client_firewallsymantec client firewalleq5.01
symantec:client_firewallsymantec client firewalleq5.1.1
symantec:client_securitysymantec client securityeq1.0
symantec:client_securitysymantec client securityeq1.1
symantec:client_securitysymantec client securityeq1.2
symantec:client_securitysymantec client securityeq1.3
symantec:client_securitysymantec client securityeq1.4
symantec:client_securitysymantec client securityeq1.5
symantec:client_securitysymantec client securityeq1.6
symantec:client_securitysymantec client securityeq1.7

CPE	Name	Operator	Version
symantec:client_firewall	symantec client firewall	eq	5.01
symantec:client_firewall	symantec client firewall	eq	5.1.1
symantec:client_security	symantec client security	eq	1.0
symantec:client_security	symantec client security	eq	1.1
symantec:client_security	symantec client security	eq	1.2
symantec:client_security	symantec client security	eq	1.3
symantec:client_security	symantec client security	eq	1.4
symantec:client_security	symantec client security	eq	1.5
symantec:client_security	symantec client security	eq	1.6
symantec:client_security	symantec client security	eq	1.7

Rows per page:

1-10 of 201

References

lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html

secunia.com/advisories/11066

securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html

securitytracker.com/id?1010144

securitytracker.com/id?1010145

securitytracker.com/id?1010146

www.ciac.org/ciac/bulletins/o-141.shtml

www.kb.cert.org/vuls/id/682110

www.osvdb.org/6100

www.securityfocus.com/bid/10336

exchange.xforce.ibmcloud.com/vulnerabilities/16132

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

6.6 Medium

AI Score

Confidence

High

0.92 High

EPSS

Percentile

99.0%

JSON

Related for CVE-2004-0445

cert1 cvelist1 nvd1