Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
22 Sep 2004 Closed High
Symantec resolved three high-risk vulnerabilities that had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved. Additionally, legacy Nexland Firewall Appliances are affected by these issues.
All of these vulnerabilities are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewall's configuration. All three vulnerabilities are addressed and resolved in available updated firmware release builds.
Rigel Kent Security & Advisory Services notified Symantec of three high-risk vulnerabilities they identified in the Symantec Firewall/VPN Appliance during an assessment. Additional research also shows that the legacy Nexland Firewall Appliances, now supported by Symantec, are also affected. All vulnerabilities are remotely exploitable and could allow an attacker to perform a denial of service (DoS) attack against the firewall appliance, identify active services in the WAN interface, and exploit one of the identified services to collect and alter the firewall's configuration. The Symantec Firewall/VPN Appliances, models 100, 200 and 200R are vulnerable to all three issues. The Nexland ISB SOHO, Pro100, Pro400, Pro800, Pro800turbo and the Nexland WaveBase Firewall Appliances are vulnerable as well to all three reported issues. The Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the Denial of Service issue but have been validated as being vulnerable to the other two issues.
CVE candidate numbers have been requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once CVE candidate numbers have been assigned. These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Symantec confirmed the vulnerabilities mentioned above and coordinated extensively with Rigel Kent Security & Advisory Services to finalize and thoroughly test the fixes for Symantec's affected products.
Symantec has released firmware builds labeled 1.63 for Symantec Firewall/VPN Appliance models100, 200 and 200R. Symantec has also released firmware builds 622 for the Symantec Gateway Security Appliance models 320, 360 and 360R that fix the two issue impacting those products.
Symantec has released firmware build 16U for the Nexland Firewall Appliances that addresses these issues impacting the Nexland appliances.
NOTE: The Symantec Gateway Security 300 series appliances are not vulnerable to the DoS issue.
Symantec strongly recommends customers apply the appropriate firmware for their affected product models/versions immediately to protect against these types of threat.
Symantec is not aware of any active attempts against or organizations impacted by this issue.
Symantec appreciates the actions of Mike Sues and the Rigel Kent Security & Advisory team in identifying these issues, notifying Symantec, and their extensive cooperation and coordination while Symantec worked to resolve all issues. Symantec also appreciates the efforts of Arthur Hagen, Broomstick.com, in working through Rigel Kent Security & Advisory to identify these issues in the Nexland Appliances.
12/28/2004 - Added vulnerability and fix information for the legacy Nexland Firewall Appliances prior to firmware release 16U, that are also affected by all three issues described in this advisory. Added update information for firmware build 16U to address the issues in the Nexland Firewall Appliances.
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.