Symantec Network Protection products using affected versions of the Linux kernel are susceptible to multiple vulnerabilities. A remote attacker can cause denial of service through resource exhaustion and memory corruption. A local attacker can escalate their privileges on the system.
Content Analysis (CA)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
2.3
Not available at this time
2.4
Not available at this time
Director
CVE
Supported Version(s)
Remediation
CVE-2019-11478, CVE-2019-11479
6.1
Not available at this time
Mail Threat Defense (MTD)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
1.1
Not available at this time
Malware Analysis (MA)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
4.2
Not available at this time
Management Center (MC)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
2.2
Not available at this time
2.3
Not available at this time
PacketShaper (PS) S-Series
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
11.6
Not available at this time
11.9
Not available at this time
11.10
Not available at this time
PolicyCenter (PC) S-Series
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
1.1
Not available at this time
Reporter
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
10.3
Not available at this time
10.4
Not available at this time
Security Analytics (SA)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
7.2
Not available at this time
7.3
Not available at this time
8.0
Not available at this time
SSL Visibility (SSLV)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
3.10
Not available at this time
3.12
Not available at this time
4.4
Not available at this time
4.5
Not available at this time
5.0
Not available at this time
Web Isolation (WI)
CVE
Supported Version(s)
Remediation
CVE-2019-11477, CVE-2019-11478,
CVE-2019-11479
1.12
Upgrade to 1.12.21+433.
1.13 and later
Not vulnerable, fixed.
X-Series XOS
CVE
Supported Version(s)
Remediation
CVE-2019-11477
10.0
Not vulnerable
11.0
Not available at this time
CVE-2019-11478, CVE-2019-11479
10.0, 11.0
Not available at this time
CVE-2019-11815
10.0, 11.0
Under investigation
The following products are not vulnerable: Advanced Secure Gateway
AuthConnector
BCAAA
CacheFlow (CF)
Cloud Data Protection (CDP) for Salesforce
Cloud Data Protection (CDP) for ServiceNow
Cloud Data Protection (CDP) for Oracle CRM on Demand
Cloud Data Protection (CDP) Communication Server
Cloud Data Protection (CDP) Integration Server
General Auth Connector Login Application
PacketShaper (PS)
PolicyCenter (PC)
ProxyAV
ProxyAV ConLog and ConLogXP
ProxySG
Symantec HSM Agent for the Luna SP
Unified Agent (UA)
WSS Agent (WSSA)
WSS Mobile Agent
A user-after-free flaw in the RDS over TCP implementation allows a remote attacker to corrupt the target's memory or a local attacker to escalate their privileges on the system.
An integer overflow flag in TCP SACK processing allows a remote attacker to send crafted SACK segments on a TCP connection and cause denial of service through memory corruption.
An excessive resource consumption flaw in TCP SACK processing allows a remote attacker to send crafted SACK segments on a TCP connection and cause denial of service.
An excessive resource consumption flaw in TCP processing allows a remote attacker to send network traffic with low MSS on a TCP connection and cause denial of service.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)