Symantec Plugs Holes In Firewall

Discussion in 'other firewalls' started by hayc59, Sep 27, 2004.

Thread Status:
Not open for further replies.
  1. hayc59

    hayc59 Guest

    Symantec has announced that several of its firewall and gateway products are vulnerable to denial-of-service attacks, and it has issued firmware to fix the loopholes.

    Symantec has released patches for several flaws in its security products. For details please see
    http://www.sarc.com/avcenter/security/Content/2004.09.22.html

    Affected products:

    Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
    Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
    Symantec Gateway Security 320 (firmware builds prior to build 622)
    Symantec Gateway Security 360/360R (firmware builds prior to build 622)


    A security advisory posted on Symantec's Web site states that the vulnerabilities "are remotely exploitable and can allow an attacker to perform a denial-of-service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewall's configuration."

    The Symantec Firewall/VPN Appliances models 100, 200 and 200R are vulnerable to all three attacks, while the Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the denial-of-service attack, but are vulnerable to the other two types of attack.

    In its advisory, Symantec states that it is "not aware of any active attempts against organizations impacted by this issue."


    Secunia, a Danish Internet security company, also issued an advisory, stating that the DoS attack is made possible because of a problem with the firewall's connection handling, whereby the firewall stops responding via a UDP port scan of all of the ports on the firewall's WAN interface.

    The vulnerabilities first were reported to Symantec by Ottawa, Ontario-based consultancy Rigel Kent Security & Advisory Services.


    Go to this link to download new firmware :


    This vulnerability affect the following products:
    * Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
    * Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
    * Symantec Gateway Security 320 (firmware builds prior to build 622)
    * Symantec Gateway Security 360/360R (firmware builds prior to build 622)

    Solution:
    Apply updated firmware builds.

    Symantec Firewall/VPN Appliance 100:
    ftp://ftp.symantec.com/public/updates/vpn100_163_all.zip

    Symantec Firewall/VPN Appliance 200:
    ftp://ftp.symantec.com/public/updates/vpn200_163_all.zip

    Symantec Firewall/VPN Appliance 200R:
    ftp://ftp.symantec.com/public/updates/vpn200R_163_all.zip

    Symantec Gateway Security 300 Series:
    ftp://ftp.symantec.com/public/en...ies_2....uild622_LU2.zip

    thanks Winchester73 for this...:)
     
    Last edited by a moderator: Sep 28, 2004
Loading...
Thread Status:
Not open for further replies.