SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Norton Internet Security Vendors:   Symantec
Symantec Norton Internet Security SYMNDIS.SYS TCP Options Parsing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1009380
SecurityTracker URL:  http://securitytracker.com/id/1009380
CVE Reference:   CVE-2004-0375   (Links to External Site)
Updated:  Apr 23 2004
Original Entry Date:  Mar 10 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2003, 2004, including the Professional version
Description:   A vulnerability was reported in Symantec's Norton Internet Security in the processing of TCP Options. A remote user can cause denial of service conditions on the target system.

eEye Digital Security reported a vulnerability in several Symantec products. A remote user can reportedly send a single packet to the target system to cause the target system to hang. A physical restart of the system is required to return to normal operations.

The flaw reportedly resides in SYMNDIS.SYS. A remote user can send a single TCP packet with a TCP option of either SACK (05) or Alternate Checksum Data (0F) followed by a length of 00 to cause the SYMNDIS.SYS driver to enter an infinite processing loop, the report said. The vulnerability can be triggered regardless of whether the application is enabled or not.

The vendor was reportedly notified on March 9, 2004.

Impact:   A remote user can cause denial of service conditions on the target system. A physical restart of the system is required to return to normal operations.
Solution:   The vendor has reportedly issued a fix, available via Live Update.
Vendor URL:  www.symantec.com/sabu/nis/nis_pe/index.html (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.eeye.com/html/Research/Upcoming/20040309.html


http://www.eeye.com/html/Research/Upcoming/20040309.html

eEye Digital Security reported a vulnerability in several Symantec products.  A remote 
user can conduct "severe" denial of service attacks against the target system.  No further 
details were provided pending vendor notification and correction.

The following versions are reportedly affected:

Norton Internet Security 2004
Norton Internet Security 2004 Professional
Norton Personal Firewall 2004


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC