Vulnerability Note VU#760256

The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities

Overview

The ActiveX and HTML file browsers in the Symantec Clientless VPN Gateway 4400 Series contain various unspecified vulnerabilities.

I. Description

The Symantec Clientless VPN Gateway 4400 Series is a stand-alone security appliance for connecting remote users to a trusted network via a virtual private network. The ActiveX and HTML file browsers included with the 4400 Series VPN Gateway contain various vulnerabilities. The specifics of the vulnerabilities are not known.

II. Impact

These vulnerabilities may result in unauthorized access to the system or lead to unpredictable behavior.

III. Solution

Apply a Hotfix

Symantec has posted a hotfix to address this issue. The hotfix is labeled Hotfix: SCVG5-20040806-00 and can be located at:

ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/SCVG5-20040806-00.tgz

The README file describing this hotfix is available here.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Symantec Corporation	Vulnerable	20-Oct-2004

References

http://secunia.com/advisories/12254/
http://www.securitytracker.com/alerts/2004/Aug/1010918.html
http://securityresponse.symantec.com/avcenter/security/Content/2004.08.13.html
ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt
http://www.osvdb.org/displayvuln.php?osvdb_id=8508

Credit

This vulnerability was discovered by Symantec

This document was written by Jeff Gennari.

Other Information

Date Public:	2004-08-10
Date First Published:	2004-10-20
Date Last Updated:	2004-10-20
CERT Advisory:
CVE-ID(s):
NVD-ID(s):
US-CERT Technical Alerts:
Metric:	0.62
Document Revision:	75

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader