Title: Symantec Enterprise Firewall Notify Daemon SNMP Data Loss Vulnerability
Severity: MODERATE
Description:
The Symantec Enterprise Firewall (SEP) is a high performance firewall solution, and is available for both Windows and Solaris systems. SEP includes a notification mechanism for important log messages, which is implemented through the Notify Daemon. It is possible to send notifcations to a specified server through SNMP traps.
The SNMP reporting mechanism may, under some circumstances, fail to forward messages. This may occur when the message is over 1024 characters. When messages are dropped in this manner, a message is logged within the firewall audit trail. This error message is, however, not forwarded through the SNMP notification system.
Exploitation of this vulnerability may result in lost information, possibly allowing an attack against the firewall or internal systems to go undetected if the administrator has configured to send the notifications via SNMP only.
Other versions of Symantec Enterprise Firewall may share this vulnerability.
Affected Products:
- Symantec Enterprise Firewall 6.5.2 NT/2000
- Symantec Enterprise Firewall 7.0.0 NT/2000
- Symantec Enterprise Firewall 7.0.0 Solaris
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
