SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Norton Personal Firewall Vendors:   Symantec
Symantec Norton Personal Firewall Lets Remote Users Execute Arbitrary Code to Take Full Control of the System
SecurityTracker Alert ID:  1009877
SecurityTracker URL:  http://securitytracker.com/id/1009877
CVE Reference:   CVE-2004-0444, CVE-2004-0445   (Links to External Site)
Updated:  May 13 2004
Original Entry Date:  Apr 20 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2002, 2003, 2004
Description:   Several vulnerabilities were reported in Symantec's Norton Personal Firewall. A remote user can cause denial of service conditions or execute arbitrary code on the target system.

eEye Digital Security reported that a remote user can execute arbitrary code on the target system in the default installation. A remote user can also cause "severe" denial-of-service conditions on the target system.

It is reported that a remote user send a single specially crafted NetBIOS Name Service packet to UDP port 137 on the target system to cause arbitrary code to be executed with kernel-level privileges on the target system [CVE: CVE-2004-0444]. When such a packet is received and has a source port of 137 and if the software is configured to allow incoming NetBIOS packets on port 137 (not a default setting, but may be required to permit Windows file sharing), the flaw can reportedly be triggered. The flaw resides in the SYMDNS.SYS driver, the report said.

It is also reported that a remote user can send a single specially crafted DNS response packet to the target system on UDP port 53 with a source port of 53 to cause the target system to enter an infinite processing loop, requiring a cold reboot to return to normal operations [CVE: CVE-2004-0445]. The flaw resides in the SYMDNS.SYS, where a compressed name pointer that points to itself can trigger the flaw.

It is also reported that a remote user can send specially crafted NetBIOS Name Service response packets to trigger a heap overflow in SYMDNS.SYS and execute arbitrary code with Ring 0 kernel privileges [CVE: CVE-2004-0444]. Some exploitation attempts may result in denial of service conditions (blue screen), but it is also possible to execute arbitrary code.

It is also reported that a remote user can send a DNS Resource Record with a long canonical name (CNAME) field to trigger a stack-based buffer overflow and execute arbitrary code with Ring 0 kernel level privileges on the target system [CVE: CVE-2004-0444]. The report indicates that this vulnerability can be exploited even if all ports are filtered and/or all intrusion rules are set. Like the other flaws, this one also resides in the SYMDNS.SYS driver.

The vendor was reportedly notified on April 19, 2004.

Impact:   A remote user can execute arbitrary code with kernel level privileges on the target system to take full control of the target user's system.

A remote user can cause "severe" denial of service conditions on the target system.

Solution:   The vendor has issued a fix, available via LiveUpdate.
Vendor URL:  www.symantec.com/ (Links to External Site)
Cause:   Boundary error, State error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.eeye.com/html/Research/Upcoming/20040419.html


http://www.eeye.com/html/Research/Upcoming/20040419.html
http://www.eeye.com/html/Research/Upcoming/20040419B.html

EEYEB-20040419
EEYEB-20040419B

eEye Digital Security reported some vulnerabilities in Symantec's Norton Internet Security 
and Norton Personal Security 2004.  A remote user can execute arbitrary code on the target 
system in the default installation.

A remote user can also cause "severe" denial-of-service conditions on the target system.

The vendor has reportedly been notified.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC