|
Symantec Firewall/VPN Products Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA12635
|
|
|
Release Date:
|
2004-09-23
|
|
Last Update:
|
2005-02-15
|
|
Popularity:
|
30,673 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Security Bypass
Manipulation of data
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Symantec Firewall/VPN Appliance 100/200/200R
Symantec Gateway Security 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2004-1472
CVE-2004-1473
CVE-2004-1474
|
|
Description:
Rigel Kent Security & Advisory Services has reported some vulnerabilities in various Symantec Firewall/VPN products, which can be exploited by malicious people to cause a DoS (Denial of Service), identify active services, and manipulate the firewall configuration.
1) An error within the connection handling can be exploited to cause the firewall to stop responding via a UDP port scan of all ports on the WAN interface.
This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
2) An access control error in the default firewall ruleset causes any incoming UDP traffic from port 53 to be accepted. This makes it possible for a malicious person to port scan a system for listening UDP services on the WAN interface and communicate with these by using port 53/udp as source port.
This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build 622)
3) The default SNMP read/write community strings can't be changed nor can the SNMP service be disabled. This can be exploited in combination with vulnerability #2 to disclose and manipulate the firewall configuration via the SNMP service.
This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build 622)
Solution:
Apply updated firmware builds.
Symantec Firewall/VPN Appliance 100:
ftp://ftp.symantec.com/public/updates/vpn100_163_all.zip
Symantec Firewall/VPN Appliance 200:
ftp://ftp.symantec.com/public/updates/vpn200_163_all.zip
Symantec Firewall/VPN Appliance 200R:
ftp://ftp.symantec.com/public/updates/vpn200R_163_all.zip
Symantec Gateway Security 300 Series:
ftp://ftp.symantec.com/public/english...0-Series_2.0/updates/build622_LU2.zip
Provided and/or discovered by:
Rigel Kent Security & Advisory Services
Changelog:
2004-10-20: Added links to US-CERT vulnerability notes.
2005-02-15: Added CVE reference.
Original Advisory:
http://www.sarc.com/avcenter/security/Content/2004.09.22.html
Other References:
US-CERT VU#441078:
http://www.kb.cert.org/vuls/id/441078
US-CERT VU#329230:
http://www.kb.cert.org/vuls/id/329230
US-CERT VU#173910:
http://www.kb.cert.org/vuls/id/173910
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
