Showing 1 - 2 of 2

Files

eEye.symantecDNS2.txt: Posted May 13, 2004; Authored by Barnaby Jack, Karl Lynn, Derek Soeder | Site eeye.com; eEye Security Advisory - eEye Digital Security has discovered a second vulnerability in the Symantec firewall product line that can be remotely exploited to cause a severe denial-of-service condition on systems running a default installation of an affected version of the product. By sending a single malicious DNS (UDP port 53) response packet to a vulnerable host, an attacker can cause the Symantec DNS response validation code to enter an infinite loop within the kernel, amounting to a system freeze that requires the machine to be physically rebooted in order to restore operation. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.; tags | advisory, kernel, udp; SHA-256 | 9586423e4a36c89f9ed7bf1939b4d9b4bc57ec4d8c57dca66ad3372b2230d08b; Download | Favorite | View

Related Files

HOD-symantec-firewall-DoS-expl.c: Posted May 14, 2004; Authored by houseofdabus; Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.; tags | exploit, remote, denial of service, kernel; SHA-256 | 210a95aedb58ff218b08a68c2698d26d830137378183d72bec41e0c872f2d24d; Download | Favorite | View

eEye.symantecDNS1.txt: Posted May 13, 2004; Authored by Barnaby Jack, Karl Lynn | Site eeye.com; eEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. A buffer overflow exists within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a DNS Resource Record with an overly long canonical name, a traditional stack-based buffer overflow is triggered. Successful exploitation of this flaw yields remote KERNEL access to the system. With the ability to freely execute code at the Ring 0 privilege level, there are literally no boundaries for an attacker. It should also be noted, that due to a separate design flaw in the firewalls handling of incoming packets, this attack can be successfully performed with all ports filtered, and all intrusion rules set. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.; tags | advisory, remote, overflow, kernel; SHA-256 | e473df5134bac9a2cc199d33e7d6e380a34d5d87ed5086575e9a0e9f4c5e035f; Download | Favorite | View

Page 1 of 1 Back 1 Next