Vulnerability Note VU#441078

Symantec Firewall/VPN appliance vulnerable to DoS via UDP port scan

Original Release date: 20 Oct 2004 | Last revised: 20 Oct 2004

Overview

A vulnerability in the Symantec Firewall/VPN appliance could allow an attacker to cause a denial-of-service condition.

Description

The Symantec Firewall/VPN appliance supports a number of services that use UDP, including tftpd, snmpd, and isakmp. A vulnerability in the Firewall/VPN appliance allows a UDP port scan against all ports (i.e. 1-65535) on the WAN interface to cause the device to stop responding. To regain functionality, the device must be powered off and back on.

Affected Products:

    • Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
    • Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
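
For monitoring appliances that have not yet been upgraded, the sketch below flags a source that touches many distinct UDP ports on the WAN address within a short window. It is an added example, not part of the original advisory or Symantec's tooling. The record layout, the addresses (documentation ranges), the window, and the port threshold are all assumptions to tune against real traffic.

```python
from collections import defaultdict, deque

# Assumption: 192.0.2.1 stands in for the appliance's WAN address.
WAN_IP = "192.0.2.1"

def build_sample():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, proto, dst_port)."""
    # One source walking UDP ports 1-2000 in quick succession.
    flows = [(1000.0 + i * 0.01, "198.51.100.7", WAN_IP, "udp", port)
             for i, port in enumerate(range(1, 2001))]
    # A legitimate VPN peer repeatedly talking to isakmp (UDP 500).
    flows += [(1000.0 + i * 5, "203.0.113.9", WAN_IP, "udp", 500)
              for i in range(20)]
    # TCP traffic is out of scope for this advisory and must be ignored.
    flows += [(1003.0, "203.0.113.20", WAN_IP, "tcp", p) for p in range(1, 500)]
    return sorted(flows)

def detect_udp_sweeps(flows, wan_ip, window=10.0, port_threshold=100):
    """Return {src_ip: first_alert_time} for sources that hit more than
    port_threshold distinct UDP ports on wan_ip within `window` seconds.
    `flows` must be sorted by timestamp."""
    recent = defaultdict(deque)                     # src -> (ts, port) in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> port -> hits in window
    alerts = {}
    for ts, src, dst, proto, port in flows:
        if proto != "udp" or dst != wan_ip:
            continue
        q, c = recent[src], counts[src]
        q.append((ts, port))
        c[port] += 1
        # Expire records that have fallen out of the sliding window.
        while q and ts - q[0][0] > window:
            _, old_port = q.popleft()
            c[old_port] -= 1
            if c[old_port] == 0:
                del c[old_port]
        if len(c) > port_threshold and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in detect_udp_sweeps(build_sample(), WAN_IP).items():
        print(f"UDP sweep against {WAN_IP} from {src}, first flagged at t={ts:.2f}")
```

A sweep paced slower than the window stays under the threshold, so pair this with a longer-horizon count of distinct ports per source.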

Impact

A remote, unauthenticated attacker could cause a denial-of-service condition.

Solution

Upgrade Firmware

According to the Symantec Advisory, product-specific firmware and hotfixes are available via the Symantec Enterprise Support site.

http://www.symantec.com/techsupp/

Systems Affected

Vendor | Status | Date Notified | Date Updated
Symantec Corporation | Affected | - | 20 Oct 2004

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

Credit

This vulnerability was reported by Symantec. Symantec credits Mike Sues and the Rigel Kent Security & Advisory Services for discovering the vulnerability.

This document was written by Damon Morda.

Other Information

  • CVE IDs: Unknown
  • Date Public: 22 Sep 2004
  • Date First Published: 20 Oct 2004
  • Date Last Updated: 20 Oct 2004
  • Severity Metric: 5.78
  • Document Revision: 8
