Signature Detail

DNS: Symantec DNS Response DOS

This signature detects attempts to exploit a known vulnerability within multiple Symantec client security products. A successful attack can result in a denial-of-service condition. An attacker can craft a DNS packet that can cause the Symantec security products to enter an infinite loop, allowing an attacker to disable all access to the host running the vulnerable product. The victim will need to reboot the server for the system to be usable again.

Extended Description

Various Symantec Client Firewall products are prone to a remote denial-of-service vulnerability because the applications fail to properly handle DNS response packets.

Affected Products

• Symantec Client Firewall 5.0.0 1
• Symantec Client Firewall 5.1.1
• Symantec Client Security 1.0.0
• Symantec Client Security 1.1.0
• Symantec Client Security 2.0.0 (SCF 7.1)
• Symantec Norton AntiSpam 2004
• Symantec Norton Internet Security 2002
• Symantec Norton Internet Security 2002 Professional Edition
• Symantec Norton Internet Security 2003
• Symantec Norton Internet Security 2003 Professional Edition
• Symantec Norton Internet Security 2004
• Symantec Norton Internet Security 2004 Professional Edition
• Symantec Norton Personal Firewall 2002
• Symantec Norton Personal Firewall 2003
• Symantec Norton Personal Firewall 2004

References

• BugTraq: 10336
• CVE: CVE-2004-0445