Intrusion Prevention

Symantec.Client.Firewall.DNS.Response.Buffer.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in various Symantec firewall products.
The vulnerability is a result of insufficient bounds checking of DNS response data. It may be exploited to gain SYSTEM/kernel-level access to a computer hosting the vulnerable software.
The source of the vulnerability is that the CNAME (Canonical Name) data field specified in incoming DNS Resource Records is copied into an internal buffer in an insecure manner, resulting in a stack-based buffer overflow.
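
The missing control is a length check when a DNS name, such as the CNAME data described above, is copied into a fixed-size buffer. The following is an added example, not Symantec's code: a decoder that enforces the RFC 1035 limits and the destination size before it copies anything. The function name, the jump cap and the sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME 255   /* RFC 1035: whole name in wire format */
#define DNS_MAX_JUMPS 16   /* assumption: cap on compression pointers followed */

/* Constructed samples: a well-formed name and a self-referencing pointer. */
static const uint8_t sample_ok[] = {3,'w','w','w',7,'e','x','a','m','p','l','e',3,'c','o','m',0};
static const uint8_t sample_loop[] = {0xC0, 0x00};

/* Decode the name at msg[off] into out as dotted text. Returns the text length,
 * or -1 if it is malformed, leaves the packet, breaks a limit or does not fit. */
int dns_name_decode(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_len)
{
    size_t used = 0, wire = 0;
    int jumps = 0;
    if (out_len == 0) return -1;
    for (;;) {
        if (off >= msg_len) return -1;            /* read past end of packet */
        uint8_t len = msg[off];
        if ((len & 0xC0) == 0xC0) {               /* compression pointer */
            if (off + 1 >= msg_len || ++jumps > DNS_MAX_JUMPS) return -1;
            off = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (len & 0xC0) return -1;                /* reserved label types */
        if (len == 0) break;                      /* root label ends the name */
        wire += (size_t)len + 1;
        if (wire + 1 > DNS_MAX_NAME) return -1;   /* name longer than 255 octets */
        if (off + 1 + len > msg_len) return -1;   /* label runs off the packet */
        if (used + (used ? 1 : 0) + len + 1 > out_len) return -1; /* dot+label+NUL */
        if (used) out[used++] = '.';
        memcpy(out + used, msg + off + 1, len);
        used += len;
        off += (size_t)len + 1;
    }
    out[used] = '\0';
    return (int)used;
}

int main(void) {
    char buf[64];
    printf("%d\n", dns_name_decode(sample_ok, sizeof sample_ok, 0, buf, sizeof buf));
    printf("%d\n", dns_name_decode(sample_loop, sizeof sample_loop, 0, buf, sizeof buf));
    return 0;
}
```

Every rejection path returns before the `memcpy`, so a name that is too long for the destination is dropped rather than truncated or written past the buffer.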

Affected Products

Symantec Norton Personal Firewall 2004
Symantec Norton Personal Firewall 2003
Symantec Norton Personal Firewall 2002
Symantec Norton Internet Security 2004 Professional Edition
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2002 Professional Edition 0
Symantec Norton Internet Security 2002 0
Symantec Norton AntiSpam 2004
Symantec Client Security 2.0 (SCF 7.1)
Symantec Client Security 1.1
Symantec Client Security 1.0
Symantec Client Firewall 5.1.1
Symantec Client Firewall 5.0 1

Impact

System compromise: remote code execution.

Recommended Actions

Symantec recommends that clients running corporate versions of the affected products apply patches obtained through their appropriate support channels.

CVE References

CVE-2004-0444