Home page  
Contact Us Get info on Training Get info on Services Course registration
 
    Training  
     

 

Our teamPenetration testingExploitation software developmentApplication securityAdvisory servicesTools & resourcesArticles

 

Advisory # RK-001-04

September 22, 2004

"Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products"

Platform:

Symantec Enterprise Firewall/VPN Appliances 100, 200, 200R
Symantec Gateway Security 320
Symantec Gateway Security 320, 360, 360R

Version:

100, 200, 200R
 

Prior to firmware build 1.63

320, 360, 360R
 

Prior to build 622

Configuration:

Default

Abstract:

Three high-risk vulnerabilities have been identified in the Symantec Enterprise Firewall products and two in the Gateway products. All are remotely exploitable and allow an attacker to perform a denial of service attack against the firewall, identify active services in the WAN interface and exploit the use of default community strings in the SNMP service to collect and alter the firewall or gateway's configuration. Moreover, the administrative interface for the firewall does not allow the operator to disable SNMP nor change the community strings. The Gateway Security products are vulnerable to all but the denial of service issue.

Countermeasure:

100, 200, 200R

Install firmware build 1.63

320, 360, 360R

Install firmware build 622

Credits:

Rigel Kent Security & Advisory Services would like to thank Symantec for their prompt response and action (Symantec Advisory).