Symantec Enterprise Firewall/VPN Appliance UDP Port Scan DoS

2004-09-22T00:00:00
ID OSVDB:10204
Type osvdb
Reporter Mike Sues (msues@rigelksecurity.com)
Modified 2004-09-22T00:00:00

Description

Vulnerability Description

The Enterprise Firewall/VPN Appliance contains a flaw that may allow a remote denial of service. The issue is triggered by a fast UDP scan of all possible ports (65535) on the WAN interface, and results in loss of availability for the platform.

Solution Description

Upgrade to firmware version 1.63 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

nmap -sU -T5 -p U:1-65535 victim

References:

Vendor URL: http://www.symantec.com/
Vendor Specific Advisory URL
Vendor Specific Advisory URL
Security Tracker: 1011388
Security Tracker: 1011389
Secunia Advisory ID: 12635
Secunia Advisory ID: 13671
Related OSVDB ID: 10205
Related OSVDB ID: 10206
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0294.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-09/0278.html
Keyword: RK-001-04-01
CVE-2004-1472