Denial of Service Vulnerability in Symantec Norton Internet Security and Firewall Products
CVE-2004-0375

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Personal Firewall; Client Firewall; Norton Internet Security; Client Security
Vendor: CVE Published:; 18 August 2004

Summary

The vulnerability in SYMNDIS.SYS component of Symantec's Norton Internet Security and Firewall products allows remote attackers to trigger a denial of service condition. This can be achieved through a specially crafted TCP packet utilizing the SACK option or Alternate Checksum Data option, followed by a packet length of zero, potentially leading to an infinite loop. Users of affected versions should ensure they apply the relevant patches to mitigate these risks.

References

http://securitytracker.com/id?1009379

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/avcenter/security/Content/2004.04...

x_refsource_CONFIRM

http://securitytracker.com/id?1009380

vdb-entryx_refsource_SECTRACK

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 18, 2004
Vulnerability Reserved
Mar 29, 2004