Network World

Security hole discovered in Symantec firewalls

By Paul Roberts, IDG News Service, 10/16/2002

A flaw discovered in a common component of Symantec's firewall technology leaves a number of that company's products vulnerable to denial-of-service attacks, according to a bulletin released by the company and by Advanced IT Security AS, a security services firm with headquarters in Copenhagen, Denmark.

The security hole was discovered in the Web proxy component of Symantec's Enterprise Firewall product, also known as "Simple Secure Webserver 1.1."

The vulnerability concerns the way the Web server handles requests for URLs, addresses used to access Web pages and other resources on the Internet.

According to a security advisory posted on Advanced IT Security's Web site, requests from an attacker for registered but unavailable Internet domains cause the Symantec Web server to pause for as long as five minutes waiting for a reply. During that time, the entire firewall ceases to respond to other, legitimate requests, affecting not only Web traffic to the domain that would go through the firewall, but other types of Internet traffic as well, according to Tommy Mikalsen, CTO of Advanced IT.

Symantec issued a bulletin and a patch Monday for the affected products on its Web page and advises its customers to keep their products and operating systems updated with the latest software patches.

There appears to be disagreement between Advanced IT and Symantec, however, on the scope of the problem. Symantec's advisory states that only requests related to URLs featuring the domain protected by the Symantec firewall - as opposed to any domain on the Internet - would produce the timeout. Advanced IT claims that URLs featuring any Internet domain will cause the firewall to fail, according to Mikalsen.

To take advantage of the flaw, attackers would need to, for example, turn off DNS services for an existing domain under their control, then issue a flood of requests to the targeted Symantec firewall for that domain, according to Mikalsen.

Because the Web server is a common component of Symantec's firewall technology, the vulnerability reported by Advanced IT Security affects a wide range of Symantec's products. In its security alert, Symantec listed the Raptor Firewall for Windows NT and Solaris; the Symantec Enterprise Firewall for Windows 2000, Windows NT, and Solaris; the VelociRaptor models 500, 700, 1000, 1100, 1200, and 1300; and the Symantec Gateway Security 5110, 5200, and 5300 products as affected by the vulnerability.
