J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Symantec Client Firewall NetBIOS Handler Remote Heap Overflow Vulnerability

Severity: CRITICAL

Description:

Symantec Client Firewall products have been reported prone to a remote heap memory corruption vulnerability.

The issue is reported to exist due to insecure memory management when handling NetBIOS Name Service (NBNS) response data. It is possible to exploit the issue with malicious UDP NBNS response packets, that may specify source port 137.

The issue exists in the SYMDNS.SYS file, which also provide its own implementation for managing heap memory. The reported cause of the vulnerability is that NBNS response data may be copied into adjacent heap memory due to the byte ordering of certain data fields within the packet. This issue can be triggered if certain Answer Resource Record fields are omitted from the packet, such as Type, Class, Time-To-Live and Data Length. This vulnerability will result in the corruption of inline heap memory management structures that are located in adjacent blocks of heap memory.

It is reported that code execution would occur with SYSTEM/kernel level privileges. Failed exploitation attempts will likely result in a denial of service, since the system may crash.

Affected Products:

  • Symantec Client Firewall 5.0.0 1
  • Symantec Client Firewall 5.1.1
  • Symantec Client Security 1.0.0
  • Symantec Client Security 1.1.0
  • Symantec Client Security 2.0.0 (SCF 7.1)
  • Symantec Norton AntiSpam 2004
  • Symantec Norton Internet Security 2002
  • Symantec Norton Internet Security 2002 Professional Edition
  • Symantec Norton Internet Security 2003
  • Symantec Norton Internet Security 2003 Professional Edition
  • Symantec Norton Internet Security 2004
  • Symantec Norton Internet Security 2004 Professional Edition
  • Symantec Norton Personal Firewall 2002
  • Symantec Norton Personal Firewall 2003
  • Symantec Norton Personal Firewall 2004

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.