CVE-2004-0375

Severity

50%

Complexity

99%

Confidentiality

48%

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

Symantec Symantec Client

First reported 20 years ago

2004-08-18 04:00:00

Last updated 7 years ago

2017-07-11 01:30:00

Affected Software

Symantec Symantec Client Firewall 5.01

5.01

Symantec Symantec Client Firewall 5.1.1

5.1.1

Symantec Symantec Client Security 1.0

1.0

References

20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service

1009379

1009380

http://www.eeye.com/html/Research/Upcoming/20040309.html

9912

Exploit, Vendor Advisory

http://www.symantec.com/avcenter/security/Content/2004.04.20.html

norton-firewalls-dos(15433)

symantec-firewall-tcp-dos(15936)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.