| Name | Symantec.Firewall.NBNS.Response.Buffer.Overflow |
| Alias/es | Symantec.Firewall.NBNS.Response.Overflow |
| Last Updated Date | Mar 18, 2008 |
| Release Date | Aug 13, 2005 |
| Severity | Critical |
| Impact | System compromise: remote code execution.
Denial of Service. |
| Description | This indicates an attempt to exploit a buffer overflow vulnerability in Symantec Client Firewall.
The vulnerability is a result of the software's failure to properly parse NetBIOS Name Service responses. An attacker can crash the firewall by sending malicious NetBIOS responses to it, causing a Denial of Service condition. It may also be possible to execute arbitrary code on the system. |
| Affected Products | The following products and earier versions are vulnerable:
Symantec Norton Personal Firewall 2004
Symantec Client Security 1.1
Symantec Client Firewall 5.1.1
Symantec Norton Internet Security 2004 Professional Edition |
| Recommended Actions | Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version if available. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2004-0444
|
| Reference/s | http://www.securityfocus.com/bid/10333 (BugTraq)
http://www.securityfocus.com/bid/10334 (BugTraq)
http://www.securityfocus.com/bid/10335 (BugTraq)
|