Symantec Enterprise Firewall uses a stripped-down version of the Apache HTTP Web Server as an integral part of its Out-of-Band Authentication (OOBA) mechanism. On June 17, 2002, CERT reported a remotely exploitable vulnerability in the way Apache Web servers (and other Web servers built on Apache source code) handle request bodies sent with chunked transfer encoding. While investigating the impact of this issue, Symantec engineers determined that the Symantec Enterprise Firewall OOBA service, if enabled, could be susceptible to a denial of service (DoS) attack.
OOBA uses an Apache HTTP Web Server to facilitate user authentication to the firewall. If the Apache Web server on the firewall is hit with the chunked-encoding buffer overflow, the HTTP server process aborts and the firewall restarts the service. Because each restart consumes system resources, a sustained attack on the service puts unnecessary load on the firewall and can degrade its availability to legitimate users. The impact of such an attack is limited to a DoS, and only firewalls with the OOBA service enabled are exposed.
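The mechanism above is a declared chunk size that the server trusts before it has bounded it. The following added example (not Symantec or Apache code) shows a strict HTTP/1.1 chunked-body decoder that validates every chunk size against fixed limits before touching any data, next to `naive_size_ok`, which illustrates the general pitfall behind this bug class: storing the hex chunk size in a signed 32-bit integer so that values of 0x80000000 and above wrap negative and pass a "size fits in buffer" check. The limits, function names and sample bodies are assumptions constructed for the example; the naive check is a generic illustration, not a claim about any vendor's exact code.

```python
"""Strict HTTP/1.1 chunked-body decoder (added example, not vendor code)."""
import re

# Assumed policy limits for the example; real deployments tune these.
MAX_CHUNK_SIZE = 1 << 20   # 1 MiB per chunk
MAX_BODY_SIZE = 8 << 20    # 8 MiB decoded body
# chunk-size line: 1..8 hex digits, optional ";ext=val" chunk extensions
_CHUNK_LINE = re.compile(rb"^([0-9A-Fa-f]{1,8})(?:;[^\r\n]*)?$")


class ChunkError(ValueError):
    """Raised for malformed or abusive chunked input; the caller should drop the request."""


def naive_size_ok(declared: int, buf_len: int) -> bool:
    """The classic pitfall, shown for contrast (generic pattern, not any vendor's code):
    the hex chunk size lands in a signed 32-bit int before the bounds check.
    Sizes >= 0x80000000 wrap negative and pass 'size <= buf_len'; an unsigned
    copy of that size then overruns the buffer."""
    as_signed32 = declared - (1 << 32) if declared & 0x80000000 else declared
    return as_signed32 <= buf_len


def decode_chunked(data: bytes) -> bytes:
    """Decode a chunked body, raising ChunkError on anything out of bounds."""
    out = bytearray()
    pos = 0
    while True:
        end = data.find(b"\r\n", pos)
        if end < 0:
            raise ChunkError("truncated chunk-size line")
        m = _CHUNK_LINE.match(data[pos:end])
        if not m:
            # Also rejects hex strings too long for 32 bits and empty size lines.
            raise ChunkError("bad chunk-size line: %r" % data[pos:end][:32])
        size = int(m.group(1), 16)
        # Bounds are checked on the unsigned value before any data is read.
        if size > MAX_CHUNK_SIZE:
            raise ChunkError("chunk size 0x%x exceeds per-chunk limit" % size)
        if len(out) + size > MAX_BODY_SIZE:
            raise ChunkError("decoded body exceeds limit")
        pos = end + 2
        if size == 0:
            # last-chunk: optional trailer header lines, then an empty line
            while True:
                end = data.find(b"\r\n", pos)
                if end < 0:
                    raise ChunkError("truncated trailer section")
                if end == pos:
                    return bytes(out)
                pos = end + 2
        chunk = data[pos:pos + size]
        if len(chunk) != size:
            raise ChunkError("declared size exceeds available data")
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkError("missing CRLF after chunk data")
        out += chunk
        pos += size + 2


def is_malformed(data: bytes) -> bool:
    """Filtering/logging helper: True if the body would be rejected."""
    try:
        decode_chunked(data)
        return False
    except ChunkError:
        return True


# Constructed sample bodies for the example (not captured traffic).
GOOD = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
HUGE = b"FFFFFFF0\r\nxxxx\r\n0\r\n\r\n"        # declared size near 4 GiB
OVERLONG = b"100000000\r\nxxxx\r\n0\r\n\r\n"   # 9 hex digits, does not fit 32 bits

if __name__ == "__main__":
    print(decode_chunked(GOOD))
    for body in (HUGE, OVERLONG):
        declared = body.split(b"\r\n")[0]
        print(declared, "rejected:", is_malformed(body))
    # The naive signed check lets 0xFFFFFFF0 through against an 8 KiB buffer.
    print("naive check accepts 0xFFFFFFF0:", naive_size_ok(0xFFFFFFF0, 8192))
```

Rejecting the request outright (rather than letting the worker crash and the supervisor respawn it) is what removes the restart cost that the advisory identifies as the DoS vector; the `{1,8}` digit cap and the unsigned comparison together close both the oversized and the wrapped-size cases.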