# Symantec Firewall/VPN Products Multiple Vulnerabilities (Highly critical)



## jgvernonco

Symantec Firewall/VPN Products Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA12635

VERIFY ADVISORY:
http://secunia.com/advisories/12635/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Manipulation of data, DoS

WHERE:
From remote

SOFTWARE:
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Firewall/VPN Appliance 100/200/200R
http://secunia.com/product/552/

DESCRIPTION:
Rigel Kent Security & Advisory Services has reported some
vulnerabilities in various Symantec Firewall/VPN products, which can
be exploited by malicious people to cause a DoS (Denial of Service),
identify active services, and manipulate the firewall configuration.

1) An error within the connection handling can be exploited to cause
the firewall to stop responding via a UDP port scan of all ports on
the WAN interface.

This vulnerability affects the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build
1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to
build 1.63)

2) An access control error in the default firewall ruleset causes any
incoming UDP traffic from port 53 to be accepted. This makes it
possible for a malicious person to port scan a system for listening
UDP services on the WAN interface and communicate with these by using
port 53/udp as source port.

This vulnerability affects the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build
1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to
build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build
622)

3) The default SNMP read/write community strings can't be changed nor
can the SNMP service be disabled. This can be exploited in combination
with vulnerability #2 to disclose and manipulate the firewall
configuration via the SNMP service.

This vulnerability affects the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build
1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to
build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build
622)

SOLUTION:
Apply updated firmware builds.

Symantec Firewall/VPN Appliance 100:
ftp://ftp.symantec.com/public/updates/vpn100_163_all.zip

Symantec Firewall/VPN Appliance 200:
ftp://ftp.symantec.com/public/updates/vpn200_163_all.zip

Symantec Firewall/VPN Appliance 200R:
ftp://ftp.symantec.com/public/updates/vpn200R_163_all.zip

Symantec Gateway Security 300 Series:
ftp://ftp.symantec.com/public/engli...urity/300-Series_2.0/updates/build622_LU2.zip

PROVIDED AND/OR DISCOVERED BY:
Rigel Kent Security & Advisory Services

ORIGINAL ADVISORY:
http://www.sarc.com/avcenter/security/Content/2004.09.22.html


----------
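An added example, not part of the advisory or the original post: a detection check for the condition in item 2, flagging inbound UDP that claims source port 53 but answers no recent outbound DNS query. The flow-record layout, the addresses and the 30-second state timeout are assumptions, and the sample records are constructed.

```python
from collections import namedtuple

# Constructed UDP flow records: time (s), direction, src ip, src port, dst ip, dst port.
Flow = namedtuple("Flow", "ts direction src sport dst dport")

SAMPLE_FLOWS = [
    Flow(10.0, "out", "198.51.100.10", 40001, "192.0.2.53", 53),   # outbound DNS query
    Flow(10.1, "in",  "192.0.2.53", 53, "198.51.100.10", 40001),   # matching reply
    Flow(12.0, "in",  "203.0.113.7", 53, "198.51.100.10", 161),    # unsolicited, to SNMP
    Flow(12.5, "in",  "203.0.113.7", 53, "198.51.100.10", 500),    # unsolicited
    Flow(50.0, "in",  "192.0.2.53", 53, "198.51.100.10", 40001),   # reply after state expired
    Flow(51.0, "in",  "203.0.113.7", 4444, "198.51.100.10", 161),  # not source port 53
]

STATE_TIMEOUT = 30.0  # assumed lifetime of a UDP state entry, in seconds


def unsolicited_port53(flows, timeout=STATE_TIMEOUT):
    """Return inbound flows from source port 53 that answer no recent outbound query."""
    pending = {}  # (client ip, client port, server ip) -> time of last outbound query
    alerts = []
    for f in sorted(flows, key=lambda f: f.ts):
        if f.direction == "out" and f.dport == 53:
            pending[(f.src, f.sport, f.dst)] = f.ts
        elif f.direction == "in" and f.sport == 53:
            # A stateful filter accepts this packet only if it mirrors a live query.
            asked = pending.get((f.dst, f.dport, f.src))
            if asked is None or f.ts - asked > timeout:
                alerts.append(f)
    return alerts


def summarize(alerts):
    """Group alerts by sender, listing the destination ports each one addressed."""
    by_src = {}
    for f in alerts:
        by_src.setdefault(f.src, set()).add(f.dport)
    return {src: sorted(ports) for src, ports in by_src.items()}


if __name__ == "__main__":
    for src, ports in summarize(unsolicited_port53(SAMPLE_FLOWS)).items():
        print(f"{src}: unsolicited UDP from source port 53 to ports {ports}")
```

A ruleset that accepts on source port alone would pass every inbound record above except the last; matching replies against outstanding queries is what separates the legitimate reply from the rest.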

