Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0375

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0375
Last Modified 05 Sep 2008 04:38:16
Published 18 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0375

Summary

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

Vulnerable Systems

Application

  • Symantec Client Firewall 5.01

  • Symantec Client Firewall 5.1.1

  • Symantec Client Security 1.0

  • Symantec Client Security 1.1

  • Symantec Norton Internet Security 2003

  • Symantec Norton Internet Security 2004

  • Symantec Norton Personal Firewall 2003

  • Symantec Norton Personal Firewall 2004


References

XF - symantec-firewall-tcp-dos(15936)

XF - norton-firewalls-dos(15433)

CONFIRM - http://www.symantec.com/avcenter/security/Content/2004.04.20.html

BID - 9912

MISC - http://www.eeye.com/html/Research/Upcoming/20040309.html

SECTRACK - 1009380

SECTRACK - 1009379

BUGTRAQ - 20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service


Last Updated: 27 May 2016 10:38:35