Revision History
5/3/2005 Added customer impact statement
Risk Impact
Low
Overview
Symantec has addressed certain potential security issues in the handling of Internet Control Message Protocol (ICMP) packets identified in Symantec security gateway products. These issues could result in successful denial of service attacks against the affected products.
Affected Products
| Symantec Gateway Security 5400 Series, v2.x |
|
| Symantec Gateway Security 5300 Series, v1.0 |
|
| Symantec Enterprise Firewall, v7.0.x |
(Windows and Solaris) |
| Symantec Enterprise Firewall v8.0 |
(Windows and Solaris) |
| Symantec VelociRaptor, Model 1100/1200/1300 v1.5 |
|
| Symantec Gateway Security 300 Series |
(All firmware versions) |
| Symantec Gateway Security 400 Series |
(All firmware versions) |
| |
|
| Symantec Firewall/VPN Appliance 100/200/200R |
(All firmware versions) |
| Nexland ISB SOHO Firewall Appliances |
(All firmware versions) |
| Nexland Pro Series Firewall Appliances |
(All firmware versions) |
Details
The National Infrastructure Security Co-ordination Centre (NISCC) in the UK released an advisory on vulnerability issues affecting ICMP packets with TCP payloads. ICMP is the control protocol for IP (Internet Protocol), a core network component central to the majority of networked computer systems in current use.
Symantec security gateway products were thoroughly tested to determine susceptibility to the identified issues. Presented in sufficient quantity and extended duration, attacks using some of these identified issues could potentially be remotely exploited by an unauthorized user resulting in a denial of service (DoS) against the affected products listed above.
Symantec Response
Symantec verified these issues and is making available TCP/ICMP protocol security upgrades for the affected security gateway products. These upgrades take advantage of operating system modifications to address the NISCC identified issues and further enhance Symantecs security posture.
Symantec recommends customers immediately apply the latest hotfix or firmware update for their affected product versions to protect against these types of threats. Product specific fixes are available from the Symantec Enterprise Support site http://www.symantec.com/techsupp and, for some products, through LiveUpdate of firmware.
Symantec is not aware of any adverse customer impact from these issues.
CVE
The following Common Vulnerability and Exposure (CVE) names identify these issues:
CAN-2004-0230, Vulnerabilities in TCP/IP Could Allow Denial of Service - Breaking TCP Sessions with TCP Messages
CAN-2004-0790/0791, Vulnerabilities in TCP/IP Could Allow Denial of Service - Connection Resets on TCP from ICMP hard Unreachable messages
CAN-2004-1060, Vulnerabilities in TCP/IP Could Allow Denial of Service - ICMP Path MTU
These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Credit
The NISCC advisory was based on research reported by Fernando Gont.
Symantec takes the security and proper functionality of its products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability guidelines outlined by the National Infrastructure Advisory Council (NIAC). Please contact secure@symantec.com if you feel you have discovered a potential or actual security issue with a Symantec product. A Symantec Product Security team member will contact you regarding your submission.
Symantec has developed a Product Vulnerability Handling Process document outlining the process we follow in addressing suspected vulnerabilities in our products. We support responsible disclosure of all vulnerability information in a timely manner to protect Symantec customers and the security of the Internet as a result of vulnerability. This document is available from the location provided below.
Symantec strongly recommends using encrypted email for reporting vulnerability information to secure@symantec.com. The Symantec Product Security PGP key can be obtained from the location provided below.
Copyright (c) 2006 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.
Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and SymSecurity are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
Last modified on: Tuesday, 03-May-05 14:48:30
Symantec Vulnerability Response Policy
Symantec Product Vulnerability Management PGP Key