Vulnerability Note VU#441078

Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan

Overview

A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition.

I. Description

The Symantec Firewall/VPN appliance supports a number of services that utilize the UDP protocol including tftpd, snmpd, and isakmp. There is a vulnerability in the Firewall/VPN appliance that allows a UDP port scan on the WAN interface against all ports (i.e. 1-65535) to cause the device to stop responding. In order to regain functionality, the device must be powered off and back on.

Affected Products:

Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)

II. Impact

A remote, unauthenticated attacker could cause a denial-of-service condition.

III. Solution

Upgrade Firmware

According to the Symantec Advisory, product specific firmware and hotfixes are available via the Symantec Enterprise Support site.

http://www.symantec.com/techsupp/

Systems Affected

Vendor	Status	Date Notified	Date Updated
Symantec Corporation	Vulnerable	20-Oct-2004

References

http://www.sarc.com/avcenter/security/Content/2004.09.22.html
http://www.rigelksecurity.com/Services/Svcs_sec_advis.html
http://secunia.com/advisories/12635/
http://www.securityfocus.com/bid/11237
http://www.securitytracker.com/alerts/2004/Sep/1011389.html

Credit

This vulnerability was reported by Symantec. Symantec credits Mike Sues and the Rigel Kent Security & Advisory Services for discovering the vulnerability.

This document was written by Damon Morda.

Other Information

Date Public:	2004-09-22
Date First Published:	2004-10-20
Date Last Updated:	2004-10-20
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	5.78
Document Revision:	8

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader