Vulnerability Note VU#441078

Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan

Original Release date: 20 Oct 2004 | Last revised: 20 Oct 2004

Overview

A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition.

Description

The Symantec Firewall/VPN appliance supports a number of services that use UDP, including tftpd, snmpd, and isakmp. A vulnerability in the Firewall/VPN appliance allows a UDP port scan of the WAN interface across all ports (i.e., 1-65535) to cause the device to stop responding. To regain functionality, the device must be powered off and back on.

Affected Products:

  • Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
  • Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
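
A detection sketch for the traffic pattern described above, added here as an example and not part of the original note or of Symantec's advisory: it flags sources that send UDP to many distinct ports on the appliance's WAN address within a short window. The flow-record format, addresses, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WAN_IP = "203.0.113.10"               # constructed appliance WAN address
T0 = datetime(2004, 10, 20, 12, 0, 0)  # constructed start time

def sample_flows():
    """Constructed records in an assumed format: 'ISO-time src dst proto dport'."""
    sweep = [f"{(T0 + timedelta(milliseconds=10 * p)).isoformat()} "
             f"198.51.100.7 {WAN_IP} udp {p}" for p in range(1, 301)]
    # A VPN peer that only ever talks to isakmp (UDP 500) must not be flagged.
    peer = [f"{(T0 + timedelta(seconds=5 * i)).isoformat()} "
            f"192.0.2.44 {WAN_IP} udp 500" for i in range(200)]
    return sweep + peer

def find_udp_sweeps(lines, wan_ip, window=timedelta(seconds=60), threshold=100):
    """Return {src: max distinct UDP dst ports seen in any window} for
    sources that reach `threshold` distinct ports on `wan_ip`."""
    per_src = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # skip malformed records rather than abort the run
        ts, src, dst, proto, dport = fields
        if proto.lower() == "udp" and dst == wan_ip:
            per_src[src].append((datetime.fromisoformat(ts), int(dport)))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        in_window = defaultdict(int)  # port -> packets inside the window
        start = best = 0
        for ts, port in events:
            in_window[port] += 1
            # Slide the left edge until the window spans at most `window`.
            while ts - events[start][0] > window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= threshold:
            alerts[src] = best
    return alerts

if __name__ == "__main__":
    for src, ports in find_udp_sweeps(sample_flows(), WAN_IP).items():
        print(f"UDP sweep of {WAN_IP}: {src} hit {ports} distinct ports in 60 s")
```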

Impact

A remote, unauthenticated attacker could cause a denial-of-service condition.

Solution

Upgrade Firmware
According to the Symantec Advisory, product-specific firmware and hotfixes are available via the Symantec Enterprise Support site.

Systems Affected

Vendor                 Status     Date Notified   Date Updated
Symantec Corporation   Affected   -               20 Oct 2004

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A

Credit

This vulnerability was reported by Symantec. Symantec credits Mike Sues and the Rigel Kent Security & Advisory Services for discovering the vulnerability.

This document was written by Damon Morda.

Other Information

  • CVE IDs: Unknown
  • Date Public: 22 Sep 2004
  • Date First Published: 20 Oct 2004
  • Date Last Updated: 20 Oct 2004
  • Severity Metric: 5.78
  • Document Revision: 8
