ID
VAR-200205-0075
CVE
CVE-2002-0309
TITLE
Symantec Enterprise Firewall SMTP Proxy Information disclosure vulnerability
Trust: 0.6
DESCRIPTION
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information. The Symantec Enterprise Firewall (SEP) is a high performance firewall solution, and is available for both Windows and Solaris systems. This has the effect of concealing internal network infrastructure information from external recipients of mail. The Symantec Enterprise Firewall accomplishes this functionality by rewriting the SMTP header. The name/address of the physical firewall interface is still included in the rewritten SMTP header. The information disclosed in the SMTP header may reveal details about the firewall's configuration. This issue was tested on SEP v6.5.x. Other versions may be affected by this vulnerability
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | symantec | model: | enterprise firewall | scope: | eq | version: | 6.5.2 | Trust: 1.6 |
| vendor: | symantec | model: | enterprise firewall nt/2000 | scope: | eq | version: | 6.5.2 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
EXTERNAL IDS
| db: | BID | id: | 4141 | Trust: 2.0 |
| db: | NVD | id: | CVE-2002-0309 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200205-139 | Trust: 0.7 |
| db: | XF | id: | 8251 | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20020221 SYMANTEC ENTERPRISE FIREWALL (SEF) SMTP PROXY INCONSISTENCIES | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20020220 SYMANTEC ENTERPRISE FIREWALL (SEF) SMTP PROXY INCONSISTENCIES | Trust: 0.6 |
| db: | VULHUB | id: | VHN-4702 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/4141 | Trust: 2.7 |
| url: | http://securityresponse.symantec.com/avcenter/security/content/2002.02.20.html | Trust: 2.7 |
| url: | http://www.iss.net/security_center/static/8251.php | Trust: 2.7 |
| url: | http://marc.info/?l=bugtraq&m=101424307617060&w=2 | Trust: 2.1 |
| url: | http://marc.info/?l=bugtraq&m=101430810813853&w=2 | Trust: 2.1 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=101430810813853&w=2 | Trust: 0.6 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=101424307617060&w=2 | Trust: 0.6 |
| url: | http://enterprisesecurity.symantec.com/products/products.cfm?productid=47 | Trust: 0.3 |
CREDITS
This vulnerability was submitted to BugTraq on February 20th, 2002 by Martin O'Neal <BugTraq@corsaire.com>.
Trust: 0.9
SOURCES
| db: | VULHUB | id: | VHN-4702 |
| db: | BID | id: | 4141 |
| db: | CNNVD | id: | CNNVD-200205-139 |
| db: | NVD | id: | CVE-2002-0309 |
LAST UPDATE DATE
2024-11-22T23:15:56.747000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-4702 | date: | 2016-10-18T00:00:00 |
| db: | BID | id: | 4141 | date: | 2002-02-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-200205-139 | date: | 2005-08-17T00:00:00 |
| db: | NVD | id: | CVE-2002-0309 | date: | 2024-11-20T23:38:47.100 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-4702 | date: | 2002-05-31T00:00:00 |
| db: | BID | id: | 4141 | date: | 2002-02-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-200205-139 | date: | 2002-05-31T00:00:00 |
| db: | NVD | id: | CVE-2002-0309 | date: | 2002-05-31T04:00:00 |