WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
SYM04-013
September 22, 2004
Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues

Revision History
12/28/2004 - Added vulnerability and fix information for the legacy Nexland Firewall Appliances prior to firmware release 16U, that are also affected by all three issues described in this advisory. Added update information for firmware build 16U to address the issues in the Nexland Firewall Appliances.

Risk Impact
High

Overview
Symantec resolved three high-risk vulnerabilities that had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved. Additionally, legacy Nexland Firewall Appliances are affected by these issues.
All of these vulnerabilities are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewall's configuration. All three vulnerabilities are addressed and resolved in available updated firmware release builds.

Affected Components
Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
Symantec Gateway Security 320 (firmware builds prior to build 622)
Symantec Gateway Security 360/360R (firmware builds prior to build 622)
Nexland ISB SOHO Firewall Appliance(firmware builds prior to build 16U)
Nexland Pro100, Pro400 Firewall Appliances (firmware builds prior to build 16U)
Nexland Pro800, Pro800turbo Firewall Appliances (firmware builds prior to build 16U)
Nexland WaveBase Firewall Appliances (firmware builds prior to build 16U)

Details
Rigel Kent Security & Advisory Services notified Symantec of three high-risk vulnerabilities they identified in the Symantec Firewall/VPN Appliance during an assessment. Additional research also shows that the legacy Nexland Firewall Appliances, now supported by Symantec, are also affected. All vulnerabilities are remotely exploitable and could allow an attacker to perform a denial of service (DoS) attack against the firewall appliance, identify active services in the WAN interface, and exploit one of the identified services to collect and alter the firewall's configuration. The Symantec Firewall/VPN Appliances, models 100, 200 and 200R are vulnerable to all three issues. The Nexland ISB SOHO, Pro100, Pro400, Pro800, Pro800turbo and the Nexland WaveBase Firewall Appliances are vulnerable as well to all three reported issues. The Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the Denial of Service issue but have been validated as being vulnerable to the other two issues.

Symantec Response
Symantec confirmed the vulnerabilities mentioned above and coordinated extensively with Rigel Kent Security & Advisory Services to finalize and thoroughly test the fixes for Symantec's affected products.

Symantec has released firmware builds labeled 1.63 for Symantec Firewall/VPN Appliance models100, 200 and 200R. Symantec has also released firmware builds 622 for the Symantec Gateway Security Appliance models 320, 360 and 360R that fix the two issue impacting those products.

Symantec has released firmware build 16U for the Nexland Firewall Appliances that addresses these issues impacting the Nexland appliances.

NOTE: The Symantec Gateway Security 300 series appliances are not vulnerable to the DoS issue.

Symantec strongly recommends customers apply the appropriate firmware for their affected product models/versions immediately to protect against these types of threat.

Product specific firmware and hotfixes are available via the Symantec Enterprise Support site http://www.symantec.com/techsupp.

Symantec is not aware of any active attempts against or organizations impacted by this issue.

CVE
CVE candidate numbers have been requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once CVE candidate numbers have been assigned. These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

Credit:
Symantec appreciates the actions of Mike Sues and the Rigel Kent Security & Advisory team in identifying these issues, notifying Symantec, and their extensive cooperation and coordination while Symantec worked to resolve all issues. Symantec also appreciates the efforts of Arthur Hagen, Broomstick.com, in working through Rigel Kent Security & Advisory to identify these issues in the Nexland Appliances.


Symantec takes the security and proper functionality of our products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec supports and follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability disclosure guidelines outlined by the National Infrastructure Advisory Council (NIAC).

Please contact secure@symantec.com if you feel you have discovered a security issue in a Symantec product. A Symantec Product Security team member will contact you regarding your submission. Symantec strongly recommends using encrypted email for reporting vulnerability information to secure@symantec.com. The Symantec Product Security PGP key can be found at the end of this message.

Symantec has developed a Product Vulnerability Response document outlining the process we follow in addressing suspected vulnerabilities in our products. This document is available below.

Symantec-Product-Vulnerability-Response Symantec Vulnerability Response Policy Symantec Product Vulnerability Management PGP Key Symantec Product Vulnerability Management PGP Key


Copyright (c) 2009 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.


Last modified on: Tuesday, 28-Dec-04 17:49:28