SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Firewall)  >  Norton Internet Security Vendors:  Symantec
Symantec Norton Internet Security SYMNDIS.SYS TCP Options Parsing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1009380
CVE Reference:  CAN-2004-0375   (Links to External Site)
Updated:  Apr 23 2004
Original Entry Date:  Mar 10 2004
Impact:  Denial of service via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Advisory:  eEye Digital Security
Version(s): 2003, 2004, including the Professional version
Description:  A vulnerability was reported in Symantec's Norton Internet Security in the processing of TCP Options. A remote user can cause denial of service conditions on the target system.

eEye Digital Security reported a vulnerability in several Symantec products. A remote user can reportedly send a single packet to the target system to cause the target system to hang. A physical restart of the system is required to return to normal operations.

The flaw reportedly resides in SYMNDIS.SYS. A remote user can send a single TCP packet with a TCP option of either SACK (05) or Alternate Checksum Data (0F) followed by a length of 00 to cause the SYMNDIS.SYS driver to enter an infinite processing loop, the report said. The vulnerability can be triggered regardless of whether the application is enabled or not.

The vendor was reportedly notified on March 9, 2004.
Impact:  A remote user can cause denial of service conditions on the target system. A physical restart of the system is required to return to normal operations.
Solution:  The vendor has reportedly issued a fix, available via Live Update.
Vendor URL:  www.symantec.com/sabu/nis/nis_pe/index.html (Links to External Site)
Cause:  State error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Wed, 10 Mar 2004 16:13:32 -0500
Subject:  http://www.eeye.com/html/Research/Upcoming/20040309.html

 

http://www.eeye.com/html/Research/Upcoming/20040309.html

eEye Digital Security reported a vulnerability in several Symantec products.  A remote 
user can conduct "severe" denial of service attacks against the target system.  No further 
details were provided pending vendor notification and correction.

The following versions are reportedly affected:

Norton Internet Security 2004
Norton Internet Security 2004 Professional
Norton Personal Firewall 2004


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC