eEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. A buffer overflow exists within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a DNS Resource Record with an overly long canonical name, a traditional stack-based buffer overflow is triggered. Successful exploitation of this flaw yields remote KERNEL access to the system. With the ability to freely execute code at the Ring 0 privilege level, there are literally no boundaries for an attacker. It should also be noted, that due to a separate design flaw in the firewalls handling of incoming packets, this attack can be successfully performed with all ports filtered, and all intrusion rules set. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec...
eEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. A buffer overflow exists within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a DNS Resource Record with an overly long canonical name, a traditional stack-based buffer overflow is triggered. Successful exploitation of this flaw yields remote KERNEL access to the system. With the ability to freely execute code at the Ring 0 privilege level, there are literally no boundaries for an attacker. It should also be noted, that due to a separate design flaw in the firewalls handling of incoming packets, this attack can be successfully performed with all ports filtered, and all intrusion rules set. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
