CVE-2004-0444
CVSS 10.0
Published: 2004-07-07 00:00:00
Last modified: 2008-09-10 15:26:23

[Original] Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.


[CNNVD] Symantec Client Firewall NetBIOS Handling Remote Heap Overflow Vulnerability (CNNVD-200407-017)

        
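Symantec Client Firewall is a desktop firewall for Windows.
Symantec Client Firewall lacks sufficient bounds checking when processing NetBIOS Name Service response data. A remote attacker can exploit this vulnerability to carry out a heap-based overflow attack against the firewall, potentially executing arbitrary code on the system with SYSTEM process privileges.
Products that use the SYMDNS.SYS driver mishandle NetBIOS Name Service responses when reading the response data from a packet; copying this data corrupts heap structures in memory. An attacker can craft malicious data and send it to UDP port 137 on a system affected by this vulnerability, which can cause a denial of service. Arbitrary code execution may also be possible.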
        

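- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]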

- CPE (Affected Platforms and Products)

cpe:/a:symantec:norton_personal_firewall:2004
cpe:/a:symantec:norton_personal_firewall:2003
cpe:/a:symantec:norton_internet_security:2004
cpe:/a:symantec:client_security:2.0
cpe:/a:symantec:norton_internet_security:2002
cpe:/a:symantec:norton_internet_security:2003::pro
cpe:/a:symantec:client_security:1.0 (Symantec Client Security 1.0)
cpe:/a:symantec:client_security:1.6
cpe:/a:symantec:client_security:1.8
cpe:/a:symantec:client_security:1.7
cpe:/a:symantec:norton_personal_firewall:2002
cpe:/a:symantec:client_security:1.3
cpe:/a:symantec:norton_internet_security:2003
cpe:/a:symantec:client_firewall:5.01 (Symantec Client Firewall 5.01)
cpe:/a:symantec:norton_internet_security:2004::pro
cpe:/a:symantec:norton_internet_security:2002::pro
cpe:/a:symantec:client_security:1.9
cpe:/a:symantec:client_security:1.1
cpe:/a:symantec:client_security:1.2
cpe:/a:symantec:client_security:1.5
cpe:/a:symantec:norton_antispam:2004
cpe:/a:symantec:client_firewall:5.1.1 (Symantec Client Firewall 5.1.1)
cpe:/a:symantec:client_security:1.4

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0444
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0444
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-017
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/634414
(VENDOR_ADVISORY)  CERT-VN  VU#634414
http://www.kb.cert.org/vuls/id/294998
(VENDOR_ADVISORY)  CERT-VN  VU#294998
http://www.kb.cert.org/vuls/id/637318
(UNKNOWN)  CERT-VN  VU#637318
http://www.securityfocus.com/bid/10335
(UNKNOWN)  BID  10335
http://www.securityfocus.com/bid/10334
(UNKNOWN)  BID  10334
http://www.securityfocus.com/bid/10333
(UNKNOWN)  BID  10333
http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
(UNKNOWN)  CONFIRM  http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html
http://secunia.com/advisories/11066
(UNKNOWN)  SECUNIA  11066
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html
(UNKNOWN)  FULLDISC  20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html
(UNKNOWN)  FULLDISC  20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow
http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html
(UNKNOWN)  FULLDISC  20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow
http://xforce.iss.net/xforce/xfdb/16137
(UNKNOWN)  XF  symantec-dns-response-bo(16137)
http://xforce.iss.net/xforce/xfdb/16135
(UNKNOWN)  XF  symantec-firewalls-nbns-bo(16135)
http://xforce.iss.net/xforce/xfdb/16134
(UNKNOWN)  XF  symantec-nbns-response-bo(16134)
http://www.osvdb.org/6102
(UNKNOWN)  OSVDB  6102
http://www.osvdb.org/6101
(UNKNOWN)  OSVDB  6101
http://www.osvdb.org/6099
(UNKNOWN)  OSVDB  6099
http://www.ciac.org/ciac/bulletins/o-141.shtml
(UNKNOWN)  CIAC  O-141
http://securitytracker.com/id?1010146
(UNKNOWN)  SECTRACK  1010146
http://securitytracker.com/id?1010145
(UNKNOWN)  SECTRACK  1010145
http://securitytracker.com/id?1010144
(UNKNOWN)  SECTRACK  1010144

- Vulnerability Information

Symantec Client Firewall NetBIOS Handling Remote Heap Overflow Vulnerability
Critical  Boundary Condition Error
2004-07-07 00:00:00 2006-08-28 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patch:
        Symantec
        --------
        The vendor has released an upgrade patch to fix this security issue; users can upgrade using Symantec LiveUpdate.
        
        http://www.symantec.com/

- Vulnerability Information

6099
Symantec Multiple Firewall NBNS Response Processing Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability Description

A remote overflow exists in Symantec Norton Personal Firewall. The product fails to check bounds in the main NBNS processing routine and can be overflowed via an overwritten index variable. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.

- Timeline

2004-05-12 2004-04-19
Unknown 2004-05-12

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Customers can obtain the update via the LiveUpdate utility:
1. Open any installed Symantec product
2. Click on LiveUpdate in the toolbar
3. Run LiveUpdate until Symantec LiveUpdate indicates that all installed Symantec products are up-to-date

- Related References

- Vulnerability Author

- Vulnerability Information

Symantec Client Firewall NetBIOS Handler Remote Heap Overflow Vulnerability
Boundary Condition Error 10335
Yes No
2004-05-12 12:00:00 2009-07-12 04:07:00
Discovery of this vulnerability has been credited to eEye Digital Security.

- Affected Software Versions

Symantec Norton Personal Firewall 2004
Symantec Norton Personal Firewall 2003
Symantec Norton Personal Firewall 2002
Symantec Norton Internet Security 2004 Professional Edition
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2002 Professional Edition 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton Internet Security 2002 0
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Norton AntiSpam 2004
+ Symantec Norton Internet Security 2004
+ Symantec Norton Internet Security 2004 Professional Edition
Symantec Client Security 2.0 (SCF 7.1)
Symantec Client Security 1.1
Symantec Client Security 1.0
Symantec Client Firewall 5.1.1
Symantec Client Firewall 5.0 1

- Vulnerability Discussion

Symantec Client Firewall products have been reported prone to a remote heap memory corruption vulnerability. This vulnerability will result in the corruption of inline heap memory management structures, and may ultimately be exploited by a remote attacker to execute arbitrary code on the affected system.

- Exploit

The researchers who discovered this issue have developed working exploit code that is not publicly available or known to be circulating in the wild.

- Solution

It is reported that a fix for this vulnerability is available through the Symantec LiveUpdate service. Customers are advised to run LiveUpdate to address this issue.

- Related References

 

 
