CERTA-2004-AVI-326

Vulnerability from certfr_avis - Published: 2004-09-24 - Updated: 2004-09-24

None

Description

Trois vulnérabilités affectent certains produits Symantec.

La première permet de réaliser un déni de service en envoyant rapidement des paquets UDP sur tous les ports de l'interface Internet du pare-feu.

La seconde permet d'identifier les services UDP en envoyant des paquets ayant le port 53/udp en source sur l'interface Internet du pare-feu.

La troisième vulnérabilité concerne l'existence de noms de communauté SNMP par défaut qui ne peuvent être ni désactivés ni modifiés par l'interface d'administration. En exploitant la seconde vulnérabilité, il est possible d'envoyer des requêtes SNMP GET/SET.

Solution

Mettre le firmware à jour (version 1.63 pour Symantec Firewall/VPN Appliance et version 622 pour Symantec Gateway Security) :

http://www.symantec.com/techsupp
None
Impacted products
Vendor Product Description
Symantec N/A Symantec Firewall/VPN Appliance 100 en version du firmware antérieure à 1.63 ;
Symantec N/A Symantec Firewall/VPN Appliance 200/200R en version du firmware antérieure à 1.63 ;
Symantec N/A Symantec Gateway Security 360/360R en version du firmware antérieure à 622.
Symantec N/A Symantec Gateway Security 320 en version du firmware antérieure à 622 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Firewall/VPN Appliance 100 en version du firmware ant\u00e9rieure \u00e0 1.63 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Firewall/VPN Appliance 200/200R en version du firmware ant\u00e9rieure \u00e0 1.63 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Gateway Security 360/360R en version du firmware ant\u00e9rieure \u00e0 622.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Gateway Security 320 en version du firmware ant\u00e9rieure \u00e0 622 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nTrois vuln\u00e9rabilit\u00e9s affectent certains produits Symantec.\n\nLa premi\u00e8re permet de r\u00e9aliser un d\u00e9ni de service en envoyant rapidement\ndes paquets UDP sur tous les ports de l\u0027interface Internet du pare-feu.\n\nLa seconde permet d\u0027identifier les services UDP en envoyant des paquets\nayant le port 53/udp en source sur l\u0027interface Internet du pare-feu.\n\nLa troisi\u00e8me vuln\u00e9rabilit\u00e9 concerne l\u0027existence de noms de communaut\u00e9\nSNMP par d\u00e9faut qui ne peuvent \u00eatre ni d\u00e9sactiv\u00e9s ni modifi\u00e9s par\nl\u0027interface d\u0027administration. En exploitant la seconde vuln\u00e9rabilit\u00e9, il\nest possible d\u0027envoyer des requ\u00eates SNMP GET/SET.\n\n## Solution\n\nMettre le firmware \u00e0 jour (version 1.63 pour Symantec Firewall/VPN\nAppliance et version 622 pour Symantec Gateway Security) :\n\n    http://www.symantec.com/techsupp\n",
  "cves": [],
  "initial_release_date": "2004-09-24T00:00:00",
  "last_revision_date": "2004-09-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SYM04-013 de Symantec du 22 septembre  2004 :",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.09.22.html"
    }
  ],
  "reference": "CERTA-2004-AVI-326",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-09-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Modification de la configuration du garde-barri\u00e8re"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement des r\u00e8gles de filtrage pour l\u0027interface internet"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les pare-feux Symantec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SYM04-013 de Symantec du 22 septembre 2004",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.