-
May 1st, 2004, 05:50 PM
#1
Symantec Client Firewall Denial of Service Vulnerability
eEye Digital Security notified Symantec of a Denial of Service vulnerability they found during product testing against Symantec's client firewall applications. By directing a specifically formatted TCP attack against a target system running a vulnerable Symantec application, an attacker can cause a complete system halt. As a result, the targeted system would require a system reboot to clear the problem.
Affected Components
- Norton Internet Security 2003
- Norton Internet Security 2004
- Norton Internet Security Professional 2003
- Norton Internet Security Professional 2004
- Norton Personal Firewall 2003
- Norton Personal Firewall 2004
- Client Firewall 5.01, 5.1.1
- Client Security 1.0
Run your LiveUpdate guy!
Source: http://securityresponse.symantec.com...004.04.20.html
-
May 1st, 2004, 06:44 PM
#2
Glad i havn't upgrade my firewall from 2002 now. Thanks for the heads up SDK.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
May 2nd, 2004, 03:40 AM
#3
All the major brands of software firewalls have DoS issues. From ZA to McAfee to Norton (I mean Symantec), always have and always will.
But a system halt isn't all bad compared to the firewall crashing open, I've tested a few firewalls that do just that. Quite scary that the quality assurance guys at those companies get paid money for that amount of shoddy work.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
-
May 2nd, 2004, 05:36 AM
#4
Originally posted here by KorpDeath
All the major brands of software firewalls have DoS issues. From ZA to McAfee to Norton (I mean Symantec), always have and always will.
But a system halt isn't all bad compared to the firewall crashing open, I've tested a few firewalls that do just that. Quite scary that the quality assurance guys at those companies get paid money for that amount of shoddy work.
Yeah, my uncle writes software/contracts GOV & private sector, he makes pay in the high $350's and he says there are programmers who make alot more than he does a year. So I could only imagine. " Measure twice code once"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|