Datamation Logo

Security Flaw Found In Symantec Firewalls

Home Security
thumbnail Paul Desmond
By Paul Desmond
August 7, 2002
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More .

A number of Symantec firewalls, including popular Raptor models, have a security flaw that renders networks protected by the systems vulnerable to intrusion.

The flaw was disclosed to Symantec on July 3 by Ubizen, a security services provider that, ironically, soon after became a Symantec competitor. On July 17, Symantec announced it was acquiring Riptech, another security services provider.

Nonetheless, Ubizen worked with Symantec’s Security Response Team to resolve the issue, which centers on how Raptor firewalls generate Initial Sequence Numbers (ISNs), which are used to identify IP sessions.

Ubizen says the Symantec firewalls use an algorithm that generates ISNs that are not sufficiently random, making it possible to predict — within certain parameters — the next number in a sequence. With that information, a hacker can hijack the session and gain access to internal resources.

This type of vulnerability is far from new; Microsoft issued patches for the same vulnerability to its Windows NT 4.0 systems back in 1999. Ubizen found the flaw because it had a homegrown tool made to sample ISNs to ensure they are random enough to thwart an attempted break-in.

Ubizen worked with Symantec to come up with a patch for its firewalls. The patch is available at http://securityresponse.symantec.com.

Symantec firewalls affected by the flaw are:

  • Raptor Firewall 6.5 for Windows NT and 6.5.3 for Solaris
  • Symantec Enterprise Firewall 6.5.2 on Windows 2000 and NT; and version 7.0 on Solaris, Windows NT and NT
  • VelociRaptor Models 500, 700, 1000, 1100, 1200 and 1300
  • Symantec Gateway Security 5110, 5200 and 5300.   SEE ALL
    ARTICLES      
    • Previous Article
    Security Flaw Found In Symantec Firewalls
    Next Article
    Microsoft Patches ‘Critical’ Vulnerability

    Subscribe to Data Insider

    Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

    Similar articles

    thumbnail AI in Cybersecurity: The Comprehensive Guide to Modern Security

    AI in Cybersecurity: The Comprehensive Guide to Modern Security

    AI
    thumbnail What Is Cybersecurity? Definitions, Practices, Threats

    What Is Cybersecurity? Definitions, Practices, Threats

    Security
    thumbnail How to Secure a Network: 9 Key Actions to Secure Your Data

    How to Secure a Network: 9 Key Actions to Secure Your Data

    Security
    Datamation Logo

    Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

    Advertisers

    Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

    Advertise with Us

    Our Brands

    Technologyadvice
    ServerWatch
    TechRepublic
    Enterprise Networking Planet
    eWeek
    Project Management
    eSecurity Planet
    IT Business Edge
    Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

    Property of TechnologyAdvice.
    © 2025 TechnologyAdvice. All Rights Reserved

    Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.