Symantec Multiple Firewall NBNS Response Remote Heap Corruption

2004-05-12T00:00:00
ID OSVDB:6101
Type osvdb
Reporter Karl Lynn
Modified 2004-05-12T00:00:00

Description

Vulnerability Description

Symantec personal firewalls contain a flaw that may allow a remote attacker to execute arbitrary code. The flaw is a remote heap corruption vulnerability in SYMDNS.SYS, a driver that validates NetBIOS Name Service responses. With a specially crafted request, an attacker can execute arbitrary code with kernel access.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Customers can obtain the update via the LiveUpdate utility:

  1. Open any installed Symantec product
  2. Click on LiveUpdate in the toolbar
  3. Run LiveUpdate until Symantec LiveUpdate indicates that all installed Symantec products are up-to-date

References:

- Vendor Specific Advisory URL
- Related OSVDB ID: 6102
- Related OSVDB ID: 6100
- Related OSVDB ID: 6099
- Other Advisory URL: http://www.eeye.com/html/Research/Advisories/AD20040512C.html
- Keyword: SYM04-008
- Keyword: AD20040512C
- CVE-2004-0444