CVE-2004-0444 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-0444
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-0444

Description: Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/16137 http://xforce.iss.net/xforce/xfdb/16135 http://xforce.iss.net/xforce/xfdb/16134 ST 1010144 1010145 1010146 SAID Secunia Advisory: SA11066 OSVDB 6099 6101 6102 FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html CIAC http://www.ciac.org/ciac/bulletins/o-141.shtml CERT-VN 637318 294998 634414 BID 10333 10334 10335

Return to the previous page.