 |
 Denial of Service vulnerability found in Norton Personal Firewall
April 23, 2004
According to eEye Digital Security, a severe Denial of Service vulnerability has been discovered in the Symantec Client Firewall products for Windows. By exploiting this issue, an attacker could render the targeted system inoperable.
The problem core is that by directing a series of specifically formatted TCP packets to a target system running a vulnerable Symantec application, an attacker can cause a complete system halt. As a result, the targeted system would require a system reboot to clear the problem, which may cause serious data loss or damage.
This vulnerability has been discovered in the following Symantec products:
- Symantec Norton Internet Security and Professional 2003, 2004
- Symantec Norton Personal Firewall 2003, 2004
- Corporate:
- Symantec Client Firewall 5.01, 5.1.1
- Symantec Client Security 1.0 and 1.1
Because of the problem core and number of products affected this exploit has been rated high, so the users are advised to apply patch immediately. These patches are already released through Symantec LiveUpdate and technical support channels.
Clients using retail versions of Symantec Norton Internet Security and Symantec Norton Personal Firewall who regularly run Symantec LiveUpdate should already be protected against this issue. However, to make sure the protection is up-to-date, customers should run Symantec LiveUpdate manually to ensure all available updates are installed.
Symantec also claims that no active attempts against or customer impact from this issue.
|
|
