Bugs Found in Symantec Firewalls

Symantec Corp., one of the major security companies, announced four vulnerabilities in its client-based firewall products today.

The problems, which were reported to Symantec by eEye Digital Security, a network security vendor, affect Windows systems. Symantec reports that by properly exploiting these issues, an attacker could render the targeted system inoperable or execute remote code with kernel-level privileges on the targeted system.

All issues occur within routines in the SYMDNS.SYS component, according to a statement posted on the Symantec site.

Products affected include Symantec Client Firewall versions 5.0.0 through 5.1.1; Symantec Client Security 1.0.0, 1.1.0 and 2.0.0; Norton AntiSpam 2004; Norton Internet Security 2002 through 2004; and Norton Internet Security Professional Edition 2002 through 2004.

Symantec confirmed the vulnerabilities exist in the consumer and corporate Symantec Client Firewall applications, as well as in Symantec’s Norton AntiSpam 2004 application. Symantec product engineers have developed fixes for the issues and released patches for all impacted products through Symantec LiveUpdate and technical support channels.

Clients running consumer versions of the affected products who regularly run a manual Symantec LiveUpdate should already be protected against this issue. However, to be sure they are fully protected, customers should manually run Symantec LiveUpdate to ensure all available updates are installed.

Clients running the corporate versions of Symantec Client Firewall or Symantec Client Security should download and apply patches obtained through their appropriate support channels.

Symantec analysts say they are not aware of any active attempts to exploit the vulnerabilities.