CVE-2004-0375 | Vulnerability Database | Aqua Security

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

Affected Software

Name	Vendor	Start Version	End Version
Client_firewall	Symantec	5.01 (including)	5.01 (including)
Client_firewall	Symantec	5.1.1 (including)	5.1.1 (including)
Client_security	Symantec	1.0 (including)	1.0 (including)
Client_security	Symantec	1.1 (including)	1.1 (including)
Norton_internet_security	Symantec	2003 (including)	2003 (including)
Norton_internet_security	Symantec	2004 (including)	2004 (including)
Norton_personal_firewall	Symantec	2003 (including)	2003 (including)
Norton_personal_firewall	Symantec	2004 (including)	2004 (including)

References

http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2
http://securitytracker.com/id?1009379
http://securitytracker.com/id?1009380
http://www.eeye.com/html/Research/Upcoming/20040309.html
http://www.securityfocus.com/bid/9912
http://www.symantec.com/avcenter/security/Content/2004.04.20.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15433
https://exchange.xforce.ibmcloud.com/vulnerabilities/15936

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-0375
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html