Symantec.Client.Firewall.DNS.Response.Buffer.Overflow
Description
This indicates a possible attempt to exploit a buffer overflow vulnerability in various Symantec Firewall Products.
The vulnerability is a result of insufficient bounds checking of DNS response data. It may be exploited to gain SYSTEM/kernel level access to a computer hosting the vulnerable software.
The source of the vulnerability is that the CNAME (Canonical Name) data field specified in incoming DNS Resource Records is copied into an internal buffer in an insecure manner, resulting in a stack-based buffer overflow.
Affected Products
Symantec Norton Personal Firewall 2004
Symantec Norton Personal Firewall 2003
Symantec Norton Personal Firewall 2002
Symantec Norton Internet Security 2004 Professional Edition
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2002 Professional Edition 0
Symantec Norton Internet Security 2002 0
Symantec Norton AntiSpam 2004
Symantec Client Security 2.0 (SCF 7.1)
Symantec Client Security 1.1
Symantec Client Security 1.0
Symantec Client Firewall 5.1.1
Symantec Client Firewall 5.0 1
Impact
System compromise: remote code execution.
Recommended Actions
Symantec recommends that clients running corporate versions of the affected products apply patches obtained through their appropriate support channels.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |