/// File Name: |
eEye.symantecDNS1.txt |
Description:
|
eEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. A buffer overflow exists within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a DNS Resource Record with an overly long canonical name, a traditional stack-based buffer overflow is triggered. Successful exploitation of this flaw yields remote KERNEL access to the system. With the ability to freely execute code at the Ring 0 privilege level, there are literally no boundaries for an attacker. It should also be noted, that due to a separate design flaw in the firewalls handling of incoming packets, this attack can be successfully performed with all ports filtered, and all intrusion rules set. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
| Author: | Barnaby Jack, Karl Lynn | Homepage: | http://www.eeye.com | Related File: | eEye.symantecDNS2.txt | File Size: | 4470 | Last Modified: | May 13 21:28:49 2004 |
MD5 Checksum: | 8295edc7eefa9f06f7e60fb8bec3d918 |
|