|
|
|
|
| |
| There exists a problem in "Simple, secure webserver 1.1" that is shipped with numerous Symantec firewalls, the vulnerabilities allows a remote attacker to cause the webserver/proxy to stall new incoming requests, effectively causing a denial of service attack against the product. |
| |
Credit:
The information has been provided by AI-SEC Security Advisories.
|
| |
Versions affected:
* Raptor Firewall 6.5 (Windows NT)
* Raptor Firewall V6.5.3 (Solaris)
* Symantec Enterprise Firewall 6.5.2 (Windows 2000 and NT)
* Symantec Enterprise Firewall V7.0 (Solaris)
* Symantec Enterprise Firewall 7.0 (Windows 2000 and NT)
* VelociRaptor Model 500/700/1000
* VelociRaptor Model 1100/1200/1300
* Symantec Gateway Security 5110/5200/5300
An attacker can connect to the proxy server from the outside, and issue a HTTP-style CONNECT to a domain with a missing, or flawed DNS-server. This will cause the "Simple, secure webserver 1.1" to wait for a timeout while it tries to contact the DNS server, and while doing so the software does not fork and thereby queues or drops all new requests coming from other clients. The timeout usually last up to 300 seconds. Sending subsequent requests for other hostnames in the same flawed domain will force the "Simple, secure webserver 1.1" to stop processing requests for a long time.
The exploit works regardless if the domain name in question is allowed or not in the ACL.
Workarounds:
Apply official patch from Symantec.
Solutions:
Apply official patch from Symantec, or disable Simple, secure webserver.
Patch:
Download the patch published at: http://www.symantec.com/techsupp
Vendor status:
Symantec was contacted 22, August 2002. Symantec promptly tested and confirmed AI-SEC Security findings, and immediately started working on a patch for their customer base.
|
|
|
|
|
|
|
|
|
|
