RE: [Full-Disclosure] EEYE: Symantec Multiple Firewall TCP Options Denial of Service

On 04/23/2004: eEye Digital Security posted:

eE"Derek Soeder" <[email protected]>
Sent by: [email protected]
04/23/2004 01:36 PM

Symantec Multiple Firewall TCP Options Denial of Service

Release Date:
April 23, 2004

Date Reported:
March 9th, 2004

Severity:
High (Remote Denial of Service)

Vendor:
Symantec

------------------snip---------------------------

Symantec Security Advisory

SYM04-007

20 April, 2004
Symantec Client Firewall Denial of Service Vulnerability

Revision History
none

Risk Impact
High

Overview
eEye Digital Security notified Symantec Corporation of a severe Denial of
Service vulnerability they discovered in the Symantec Client Firewall
products for Windows. By properly exploiting this issue, an attacker could
render the targeted system inoperable.

Affected Components
Retail:
Symantec Norton Internet Security and Professional 2003, 2004
Symantec Norton Personal Firewall 2003, 2004

Corporate:
Symantec Client Firewall 5.01, 5.1.1
Symantec Client Security 1.0 and 1.1

Details
eEye Digital Security notified Symantec of a Denial of Service
vulnerability they found during product testing against Symantec’s client
firewall applications. By directing a specifically formatted TCP attack
against a target system running a vulnerable Symantec application, an
attacker can cause a complete system halt. As a result, the targeted
system would require a system reboot to clear the problem.

Symantec Response
Symantec confirmed the vulnerability reported by eEye Digital Security.
Symantec product engineers have developed fixes for the issue and released
patches for all impacted products through Symantec LiveUpdate and
technical support channels.

Clients using retail versions of Symantec Norton Internet Security and
Symantec Norton Personal Firewall who regularly run Symantec LiveUpdate
should already be protected against this issue. However, to be sure they
are fully protected, customers should run Symantec LiveUpdate manually to
ensure all available updates are installed.
Open any installed Symantec product
Click on LiveUpdate in the toolbar
Run LiveUpdate until Symantec LiveUpdate indicated that all installed
Symantec products are up-to-date

Clients running corporate versions of Symantec Client Firewall or Symantec
Client Security should download and apply patches obtained through their
appropriate support channels.

Symantec is not aware of any active attempts against or customer impact
from this issue.

CVE
The Common Vulnerabilities and Exposures (CVE) initiative has assigned
Candidate CAN-2004-0375 to this issue.
This is a candidate for inclusion in the CVE list (http://cve.mitre.org),
which standardizes names for security problems.

Credit:
Symantec appreciates the cooperation of the eEye Digital Security research
team in identifying this issue.

Symantec Product Security Contact:
Symantec takes the security and proper functionality of its products very
seriously. As founding members in the Organization for Internet Safety,
Symantec follows the process of responsible disclosure. Symantec also
subscribes to the vulnerability guidelines outlined by the National
Infrastructure Advisory Council (NIAC). Please contact
[email protected] if you feel you have discovered a potential or actual
security issue with a Symantec product.

Symantec strongly recommends using encrypted email for reporting
vulnerability information to [email protected]. The Symantec Product
Security PGP key can be obtained here.

A copy of this advisory can be found at
http://securityresponse.symantec.com/avcenter/security/Content/2004.04.20.html

Copyright (c) 2004 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as
it is not edited in any way unless authorized by Symantec Security
Response. Reprinting the whole or parts of this alert in any medium other
than electronically requires permission from [email protected].

Disclaimer
The information in the advisory is believed to be accurate at the time of
publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There
are no warranties with regard to this information. Neither the author nor
the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
information.

Symantec, Symantec products, and SymSecurity are registered trademarks of
Symantec Corp. and/or affiliated companies in the United States and other
countries. All other registered and unregistered trademarks represented in
this document are the sole property of their respective companies/owners.