Internet Security Systems Security Brief
May 13, 2004

Multiple Vulnerabilities in Symantec Client Firewall Products

Synopsis:

Multiple vulnerabilities have been discovered in the DNS and NBNS (NetBIOS Name Service) protocol processing function within the Symantec firewall product line. These vulnerabilities may lead to reliable remote code execution or denial of service. Successful exploitation may provide kernel-level access to the compromised system.

Impact:

These vulnerabilities are caused by incorrect processing of NBNS and DNS requests and responses performed by a key driver within the Symantec client firewall and anti-spam suite. Of the four vulnerabilities described below, ISS X-Force considers the DNS Kernel Stack overflow and the NBNS Stack overflow conditions to be the most serious.

Due to the driver/firewall implementation, the DNS vulnerability may be successfully exploited with a single UDP packet regardless of the client firewall ruleset. Additionally, DNS replies (UDP 53) are often allowed through network perimeter firewalls. The NBNS vulnerability relies upon UDP 137 being allowed through the firewall, a common configuration within enterprises to allow for Windows file sharing.

For the complete X-Force Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/176

______

About Internet Security Systems (ISS)

Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East.

Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide.

Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforce@iss.net for permission.

Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php

Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
