| VID |
12058 |
| Severity |
40 |
| Port |
|
| Protocol |
TCP |
| Class |
Protocol |
| Detailed Description |
The target host seems to be vulnerable to an invalid TCP Options field within a TCP packet.
Symantec Client Firewall for Microsoft Windows Operating systems has been reported to be prone to a remote denial of service vulnerability. The vulnerability exists in SYMNDIS.SYS driver when trying to parse through the TCP Options in a TCP packet. It allows a remote attacker to reliably render a system inoperative with one single packet. A hard reset is reported to be required to restore normal functionality to the system.
The attacker only needs to send a single packet to any port on the system regardless of whether or not the port is open. This flaw is still accessible even if the firewall or IDS are enabled/disabled.
* References:
http://www.eeye.com/html/Research/Advisories/AD20040423.html
http://archives.neohapsis.com/archives/fulldisclosure/2004-03/2406.html
http://secunia.com/advisories/11102/
http://www.osvdb.org/displayvuln.php?osvdb_id=5596
* Platforms Affected:
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2004
Symantec Norton Personal Firewall 2003
Symantec Norton Personal Firewall 2004
Symantec Symantec Client Firewall 5.01 and 5.1.1
Symantec Symantec Client Security 1.0 and 1.1
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch, as listed in Symantec Security Response SYM04-007 at http://www.sarc.com/avcenter/security/Content/2004.04.20.html |
| Related URL |
CVE-2004-0375 (CVE) |
| Related URL |
10204 (SecurityFocus) |
| Related URL |
15936 (ISS) |
|
