Symantec vulnerabilities
p2pnet.net News:- One of the firms capitalizing significantly on the continuing flood of virus attacks is Symantec.
But now it says its own SEnterprise Firewall/VPN and Gateway Security 300 Series appliances have "Multiple Issues".
That’s PR down-speak for the fact the appliances have high-risk "vulnerabilities".
However, the flaws are "highly critical," states Secunia.
Affected Components
- Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63
- Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63
- Symantec Gateway Security 320 (firmware builds prior to build 622)
- Symantec Gateway Security 360/360R (firmware builds prior to build 622)
"Rigel Kent Security & Advisory Services notified Symantec of three high-risk vulnerabilities they identified in the Symantec Firewall/VPN Appliance during an assessment," says Symantec.
"All are remotely exploitable and could allow an attacker to perform a denial of service (DoS) attack against the firewall appliance, identify active services in the WAN interface, and exploit one of the identified services to collect and alter the firewall’s configuration."
Symantec says Firewall/VPN Appliances, models 100, 200 and 200R are vulnerable to all three issues and although Gateway Security models 320, 360 and 360R aren’t vulnerable to the Denial of Service attacks, they’re vulnerable to the other two problems.
Product specific firmware and hotfixes are available via the Symantec Enterprise Support site http://www.symantec.com/techsupp.
=================
See:-
high-risk – Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues, Symantec, September 22, 2004
highly critical – Symantec Firewall/VPN Products Multiple Vulnerabilities, Secunia, September 23, 2004
