Denial of Service Vulnerability in Symantec LiveUpdate by Symantec
CVE-2001-1126

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate
Vendor: CVE Published:; 5 October 2001

What is CVE-2001-1126?

Symantec LiveUpdate versions 1.4 to 1.6, and potentially later ones, are exposed to a vulnerability that allows remote attackers to execute a denial of service attack. This is achieved through DNS spoofing of the update.symantec.com domain, causing disruptions in the update process. The attack can flood the service and prevent legitimate users from receiving critical updates, thereby exposing systems to additional risks.

References

http://www.securityfocus.com/bid/3413

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/218717

mailing-listx_refsource_BUGTRAQ

http://www.sarc.com/avcenter/security/Content/2001.10.05....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Mar 15, 2002
Vulnerability published
Oct 5, 2001