SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Client_firewall | Symantec | 5.01 (including) | 5.01 (including) |
| Client_firewall | Symantec | 5.1.1 (including) | 5.1.1 (including) |
| Client_security | Symantec | 1.0 (including) | 1.0 (including) |
| Client_security | Symantec | 1.1 (including) | 1.1 (including) |
| Norton_internet_security | Symantec | 2003 (including) | 2003 (including) |
| Norton_internet_security | Symantec | 2004 (including) | 2004 (including) |
| Norton_personal_firewall | Symantec | 2003 (including) | 2003 (including) |
| Norton_personal_firewall | Symantec | 2004 (including) | 2004 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2
- http://securitytracker.com/id?1009379
- http://securitytracker.com/id?1009380
- http://www.eeye.com/html/Research/Upcoming/20040309.html
- http://www.securityfocus.com/bid/9912
- http://www.symantec.com/avcenter/security/Content/2004.04.20.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15433
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15936
- http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2
- http://securitytracker.com/id?1009379
- http://securitytracker.com/id?1009380
- http://www.eeye.com/html/Research/Upcoming/20040309.html
- http://www.securityfocus.com/bid/9912
- http://www.symantec.com/avcenter/security/Content/2004.04.20.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15433
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15936