-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Symantec Security Advisory

SYM04-013

22 September, 2004

Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues

Revision History
None

Risk Impact
High

Overview
Symantec resolved three high-risk vulnerabilities that had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved. All of these vulnerabilities are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewall's configuration. All three vulnerabilities are addressed and resolved in available updated firmware release builds.

Affected Components
Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
Symantec Gateway Security 320 (firmware builds prior to build 622)
Symantec Gateway Security 360/360R (firmware builds prior to build 622)

Details
Rigel Kent Security & Advisory Services notified Symantec of three high-risk vulnerabilities they identified in the Symantec Firewall/VPN Appliance during an assessment. All are remotely exploitable and could allow an attacker to perform a denial of service (DoS) attack against the firewall appliance, identify active services in the WAN interface, and exploit one of the identified services to collect and alter the firewall's configuration.

The Symantec Firewall/VPN Appliances, models 100, 200 and 200R are vulnerable to all three issues. The Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the Denial of Service issue but have been validated as being vulnerable to the other two issues.

Symantec Response
Symantec confirmed the vulnerabilities mentioned above and coordinated extensively with Rigel Kent Security & Advisory Services to finalize and thoroughly test the fixes for Symantec's affected products. Symantec has released firmware builds labeled 1.63 for Symantec Firewall/VPN Appliance models 100, 200 and 200R. Symantec has also released firmware builds 622 for the Symantec Gateway Security Appliance models 320, 360 and 360R that fix the two issues impacting those products.

NOTE: The Symantec Gateway Security 300 series appliances are not vulnerable to the DoS issue.

Symantec strongly recommends customers apply the appropriate firmware for their affected product models/versions immediately to protect against these types of threat.

Product specific firmware and hotfixes are available via the Symantec Enterprise Support site http://www.symantec.com/techsupp.

Symantec is not aware of any active attempts against or organizations impacted by this issue.

CVE
CVE candidate numbers have been requested from The Common Vulnerabilities and Exposures (CVE) initiative. This advisory will be revised as required once CVE candidate numbers have been assigned. These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

Credit:
Symantec appreciates the actions of Mike Sues and the Rigel Kent Security & Advisory team in identifying these issues, notifying Symantec, and their extensive cooperation and coordination while Symantec worked to resolve all issues.

Symantec Product Security Contact:
Symantec takes the security and proper functionality of its products very seriously. As founding members in the Organization for Internet Safety, Symantec follows the process of responsible disclosure. Symantec also subscribes to the vulnerability guidelines outlined by the National Infrastructure Advisory Council (NIAC).

Please contact secure@xxxxxxxxxxxx if you feel you have discovered a potential or actual security issue with a Symantec product.

Symantec strongly recommends using encrypted email for reporting vulnerability information to secure@xxxxxxxxxxxxx

The Symantec Product Security PGP key can be obtained here.

- --------------------------------------------------------------------------------

Copyright (c) 2004 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or parts of this alert in any medium other than electronically requires permission from symsecurity@xxxxxxxxxxxxx

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, and SymSecurity are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQVHo6gLsezw0Sg5hEQK7bgCfQDf1of2TatZuI/qTPV0qzO6eqAcAnRaP
tKBGjVPOtzGwh2pNhS9mTg/s
=BYzP
-----END PGP SIGNATURE-----