Symantec Multiple Firewall Remote DNS KERNEL Overflow

2004-05-12T00:00:00
ID OSVDB:6102
Type osvdb
Reporter Barnaby Jack(info@eEye.com), Karl Lynn()
Modified 2004-05-12T00:00:00

Description

Vulnerability Description

Symantec personal firewalls contain a flaw that may allow a remote attacker to gain remote KERNEL access. The flaw is due to an overflow within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a specially crafted DNS Resource Record with an overly long canonical name, a stack-based buffer can be overflowed to execute arbitrary code.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Customers can obtain the update via the LiveUpdate utility:

  1. Open any installed Symantec product
  2. Click on LiveUpdate in the toolbar
  3. Run LiveUpdate until Symantec LiveUpdate indicated that all installed Symantec products are up-to-date

Short Description

Symantec personal firewalls contain a flaw that may allow a remote attacker to gain remote KERNEL access. The flaw is due to an overflow within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a specially crafted DNS Resource Record with an overly long canonical name, a stack-based buffer can be overflowed to execute arbitrary code.

References:

Vendor Specific Advisory URL Related OSVDB ID: 6100 Related OSVDB ID: 6099 Related OSVDB ID: 6101 Other Advisory URL: http://www.eeye.com/html/Research/Advisories/AD20040512D.html Keyword: AD20040512D Keyword: SYM04-008 CVE-2004-0444