[ISN] Multiple Vulnerabilities Found in Symantec Client Products

From: InfoSec News (isn@private)
Date: Thu May 13 2004 - 02:49:49 PDT

  • Next message: InfoSec News: "[ISN] The ease of (ab)using X11, Part 1"

    http://www.eweek.com/article2/0,1759,1591504,00.asp
    
    By Larry Seltzer 
    May 12, 2004   
     
    Symantec has acknowledged several serious bugs in several of its
    client security products in both corporate and consumer editions.
    
    The problems, reported to Symantec Corp. by eEye Digital Security,
    involve several functions of the products but one specific file,
    SYMDNS.SYS.
    
    Symantec has provided a brief description, stating that fixes for all
    of the problems are available through its LiveUpdate and
    technical-support channels.
    
    Products affected include Symantec Client Firewall versions 5.0.0
    through 5.1.1; Symantec Client Security 1.0.0, 1.1.0 and 2.0.0; Norton
    AntiSpam 2004; Norton Internet Security 2002 through 2004; and Norton
    Internet Security Professional Edition 2002 through 2004.
     
    DNS response is one of the functions listed as having such an error. A
    malicious response to a DNS request could cause the program to fail or
    alter the flow of the program. There are also errors in the processing
    of NetBIOS Name Service responses that could allow remote code
    execution or denial of service. Since NetBIOS is not a routable
    protocol, such attacks would have to come from within a network
    segment.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Thu May 13 2004 - 04:52:35 PDT