Symantec Client Firewall Denial of Service Vulnerability
Results 1 to 4 of 4

Thread: Symantec Client Firewall Denial of Service Vulnerability

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Symantec Client Firewall Denial of Service Vulnerability

    eEye Digital Security notified Symantec of a Denial of Service vulnerability they found during product testing against Symantec's client firewall applications. By directing a specifically formatted TCP attack against a target system running a vulnerable Symantec application, an attacker can cause a complete system halt. As a result, the targeted system would require a system reboot to clear the problem.
    Affected Components
    - Norton Internet Security 2003
    - Norton Internet Security 2004
    - Norton Internet Security Professional 2003
    - Norton Internet Security Professional 2004
    - Norton Personal Firewall 2003
    - Norton Personal Firewall 2004
    - Client Firewall 5.01, 5.1.1
    - Client Security 1.0

    Run your LiveUpdate guy!

    Source: http://securityresponse.symantec.com...004.04.20.html
    -Simon \"SDK\"

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Glad i havn't upgrade my firewall from 2002 now. Thanks for the heads up SDK.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    All the major brands of software firewalls have DoS issues. From ZA to McAfee to Norton (I mean Symantec), always have and always will.

    But a system halt isn't all bad compared to the firewall crashing open, I've tested a few firewalls that do just that. Quite scary that the quality assurance guys at those companies get paid money for that amount of shoddy work.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  4. #4
    Banned
    Join Date
    Nov 2003
    Posts
    1,161
    Originally posted here by KorpDeath
    All the major brands of software firewalls have DoS issues. From ZA to McAfee to Norton (I mean Symantec), always have and always will.

    But a system halt isn't all bad compared to the firewall crashing open, I've tested a few firewalls that do just that. Quite scary that the quality assurance guys at those companies get paid money for that amount of shoddy work.
    Yeah, my uncle writes software/contracts GOV & private sector, he makes pay in the high $350's and he says there are programmers who make alot more than he does a year. So I could only imagine. " Measure twice code once"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •