CVE-2004-0375

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/9912	Exploit Vendor Advisory
http://www.symantec.com/avcenter/security/Content/2004.04.20.html
http://www.eeye.com/html/Research/Upcoming/20040309.html
http://securitytracker.com/id?1009379
http://securitytracker.com/id?1009380
http://marc.info/?l=bugtraq&m=108275582432246&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15936
https://exchange.xforce.ibmcloud.com/vulnerabilities/15433

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:norton_internet_security:2004:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2004::pro:::::
	cpe:2.3:a:symantec:norton_internet_security:2003:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2003::pro:::::
	cpe:2.3:a:symantec:client_security:1.0:::::::*
	cpe:2.3:a:symantec:client_security:1.1:::::::*
	cpe:2.3:a:symantec:client_firewall:5.01:::::::*
	cpe:2.3:a:symantec:client_firewall:5.1.1:::::::*
	cpe:2.3:a:symantec:norton_personal_firewall:2003:::::::*
	cpe:2.3:a:symantec:norton_personal_firewall:2004:::::::*

Information

Published : 2004-08-17 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0375

Mitre link : CVE-2004-0375

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

symantec

client_security
norton_personal_firewall
norton_internet_security
client_firewall

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/9912", "name": "9912", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html", "name": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html", "name": "http://www.eeye.com/html/Research/Upcoming/20040309.html", "tags": [], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1009379", "name": "1009379", "tags": [], "refsource": "SECTRACK"}, {"url": "http://securitytracker.com/id?1009380", "name": "1009380", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2", "name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936", "name": "symantec-firewall-tcp-dos(15936)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433", "name": "norton-firewalls-dos(15433)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0375", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-08-18T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}