Secunia

Community Login

Customer Login

Partner Login

Overview

Advisories

Research

Forums

Create Profile

Our Commitment

Database

Advisories by Product

Advisories by Vendor

Terminology

Report Vulnerability

Insecure Library Loading

Secunia Advisory SA12635

Symantec Firewall/VPN Products Multiple Vulnerabilities

Secunia Advisory

SA12635

Get alerted and manage the vulnerability life cycle

Release Date

2004-09-23

Last Update

2005-02-15

Popularity

36,604 views

Comments

0 comments

Criticality level

Highly critical

Impact

Security Bypass
Manipulation of data
DoS

Where

From remote

Authentication level

Available in Customer Area

Report reliability

Available in Customer Area

Solution Status

Vendor Patch

Systems affected

Available in Customer Area

Approve distribution

Available in Customer Area

Operating System

Symantec Firewall/VPN Appliance 100/200/200R

Symantec Gateway Security 2.x

Secunia CVSS Score

Available in Customer Area

CVE Reference(s)

CVE-2004-1472 CVSS available in Customer Area
CVE-2004-1473 CVSS available in Customer Area
CVE-2004-1474 CVSS available in Customer Area

Description

Rigel Kent Security & Advisory Services has reported some vulnerabilities in various Symantec Firewall/VPN products, which can be exploited by malicious people to cause a DoS (Denial of Service), identify active services, and manipulate the firewall configuration.

1) An error within the connection handling can be exploited to cause the firewall to stop responding via a UDP port scan of all ports on the WAN interface.

This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)

2) An access control error in the default firewall ruleset causes any incoming UDP traffic from port 53 to be accepted. This makes it possible for a malicious person to port scan a system for listening UDP services on the WAN interface and communicate with these by using port 53/udp as source port.

This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build 622)

3) The default SNMP read/write community strings can't be changed nor can the SNMP service be disabled. This can be exploited in combination with vulnerability #2 to disclose and manipulate the firewall configuration via the SNMP service.

This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build 622)

Solution
Apply updated firmware builds.
Further details available in Customer Area

Provided and/or discovered by
Rigel Kent Security & Advisory Services

Changelog
Further details available in Customer Area

Original Advisory
http://www.sarc.com/avcenter/security/Content/2004.09.22.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Symantec Firewall/VPN Products Multiple Vulnerabilities

No posts yet

Secunia

Secunia Advisory SA12635

Symantec Firewall/VPN Products Multiple Vulnerabilities

Do you have additional information related to this advisory?

You must be logged in to post a comment.

Secunia Customer Login

Not a customer already?