[ISN] Symantec Holes Open Up Firewalls to Attacks

InfoSec News isn at c4i.org
Fri Sep 24 03:34:13 EDT 2004 

http://www.eweek.com/article2/0,1759,1650425,00.asp

By Matthew Broersma 
September 23, 2004    

Symantec Corp. has warned of a string of security holes in its
Firewall/VPN Appliance and Gateway Security products, less than a
month after its last firewall security problems.

Three new bugs could allow a remote attacker to shut down a firewall
appliance, identify active services in the WAN (wide area network)  
interface and alter the firewall's configuration, Symantec said in a
Wednesday advisory. [1]

All three flaws, which Rigel Kent Security & Advisory Services
discovered, affect Symantec Firewall/VPN Appliance 100, 200 and 200R
models; Gateway Security 320, 360 and 360R are vulnerable to all but
one, a denial-of-service bug.

An attacker could cause the firewall products to stop responding by
exploiting an error within the connection handling via a port scan of
all WAN interface ports, according to security researcher Secunia,
which ranked the flaws as "highly critical." The second bug is found
in the firewall's default rule set, which allows an attacker to listen
for and identify UDP services, if a particular port is used.

The second flaw can be exploited together with a third bug involving
the SNMP (Simple Network Management Protocol) service to disclose and
manipulate the firewall's configuration, effectively bypassing
firewall security, researchers said.

As companies have grown ever more security-conscious and reliant on
complex protection systems, researchers have subjected products such
as VPNs and firewalls to increasing scrutiny.

Last month, Symantec warned of a flaw in its VPN and firewall server
products that could allow an attacker to take over affected systems
and gain access to corporate networks. That vulnerability lay in
LibKmp, which Entrust provides to third parties for use in VPN
products, meaning any LibKmp-based VPN was potentially affected.

In July, Internet Security Systems warned of a vulnerability in a wide
range of Check Point Software Technologies' VPN products, including
versions of VPN-1, FireWall-1, Provider-1 and SSL Network Extender.  
Check Point's enterprise security products are among the most widely
used on the Internet. Similar Check Point VPN holes also appeared in
February and May. In April, Cisco Systems disclosed a number of bugs
in its products, including its VPN hardware and software.

A serious bug in the Kerberos authentication system, revealed earlier
this month, also could have allowed access to protected corporate
networks.

[1] http://www.sarc.com/avcenter/security/Content/2004.09.22.html

More information about the ISN mailing list