Details of VAR-200407-0080

ID

VAR-200407-0080

CVE

CVE-2004-0444

TITLE

Multiple Symantec firewall products contain a buffer overflow in the processing of DNS resource records

Trust: 0.8

sources: CERT/CC: VU#637318

DESCRIPTION

Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components. There is a heap corruption vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service (NBNS) response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. client firewall , client security , norton antispam An unspecified vulnerability exists in multiple Symantec products, including:None. The issue is due to insufficient bounds checking of DNS response data and may be exploited to gain SYSTEM/kernel level access to a computer hosting the vulnerable software. The source of the vulnerability is that the CNAME (Canonical Name) data field specified in incoming DNS Resource Records is copied into an internal buffer in an insecure manner, resulting in a stack-based buffer overflow. As a result, an attacker on a local network could respond to a NetBIOS Name Service query from a client and send a malformed response in return that overflows a vulnerable buffer. A successful attack could allow an attacker to gain SYSTEM level privileges on a vulnerable system. Products driven by SYMDNS.SYS have problems responding to the NetBIOS name service when reading the response data from the packet. After copying these data, the structure of the heap in memory is destroyed. An attacker can construct malicious data and send it to UDP affected by this vulnerability. 137 port, denial of service attacks can occur. It is possible to execute arbitrary commands

Trust: 5.4

sources: NVD: CVE-2004-0444 // CERT/CC: VU#637318 // CERT/CC: VU#294998 // CERT/CC: VU#682110 // CERT/CC: VU#634414 // JVNDB: JVNDB-2004-000890 // BID: 10335 // BID: 10334 // BID: 10333 // VULHUB: VHN-8874

AFFECTED PRODUCTS

vendor:	symantec	model:	-	scope:	-	version:	-	Trust: 3.2
vendor:	symantec	model:	client security	scope:	eq	version:	1.1	Trust: 2.5
vendor:	symantec	model:	client security	scope:	eq	version:	1.0	Trust: 2.5
vendor:	symantec	model:	client firewall	scope:	eq	version:	5.1.1	Trust: 2.5
vendor:	symantec	model:	client firewall	scope:	eq	version:	5.01	Trust: 2.5
vendor:	symantec	model:	norton personal firewall	scope:	eq	version:	2004	Trust: 1.9
vendor:	symantec	model:	norton personal firewall	scope:	eq	version:	2003	Trust: 1.9
vendor:	symantec	model:	norton personal firewall	scope:	eq	version:	2002	Trust: 1.9
vendor:	symantec	model:	norton internet security	scope:	eq	version:	2004	Trust: 1.9
vendor:	symantec	model:	norton internet security	scope:	eq	version:	2003	Trust: 1.9
vendor:	symantec	model:	norton antispam	scope:	eq	version:	2004	Trust: 1.9
vendor:	symantec	model:	client security	scope:	eq	version:	1.2	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.5	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.4	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.3	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.6	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.7	Trust: 1.6
vendor:	symantec	model:	client security	scope:	eq	version:	1.9	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	1.8	Trust: 1.0
vendor:	symantec	model:	client security	scope:	eq	version:	2.0	Trust: 1.0
vendor:	symantec	model:	norton internet security	scope:	eq	version:	2002	Trust: 1.0
vendor:	symantec	model:	norton internet security professional edition	scope:	eq	version:	2004	Trust: 0.9
vendor:	symantec	model:	norton internet security professional edition	scope:	eq	version:	2003	Trust: 0.9
vendor:	symantec	model:	norton internet security professional edition	scope:	eq	version:	20020	Trust: 0.9
vendor:	symantec	model:	norton internet security	scope:	eq	version:	20020	Trust: 0.9
vendor:	symantec	model:	client security (scf	scope:	eq	version:	2.07.1)	Trust: 0.9
vendor:	シマンテック	model:	client security	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	norton antispam	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	norton internet security	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	client firewall	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	norton personal firewall	scope:	-	version:	-	Trust: 0.8

sources: CERT/CC: VU#637318 // CERT/CC: VU#294998 // CERT/CC: VU#682110 // CERT/CC: VU#634414 // BID: 10335 // BID: 10334 // BID: 10333 // JVNDB: JVNDB-2004-000890 // CNNVD: CNNVD-200407-017 // NVD: CVE-2004-0444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0444
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#637318
value:	23.91
Trust: 0.8
CARNEGIE MELLON:	VU#294998
value:	15.54
Trust: 0.8
CARNEGIE MELLON:	VU#682110
value:	9.56
Trust: 0.8
CARNEGIE MELLON:	VU#634414
value:	21.09
Trust: 0.8
NVD:	CVE-2004-0444
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200407-017
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-8874
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0444
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8874
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#637318 // CERT/CC: VU#294998 // CERT/CC: VU#682110 // CERT/CC: VU#634414 // VULHUB: VHN-8874 // JVNDB: JVNDB-2004-000890 // CNNVD: CNNVD-200407-017 // NVD: CVE-2004-0444

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000890 // NVD: CVE-2004-0444

THREAT TYPE

network

Trust: 0.9

sources: BID: 10335 // BID: 10334 // BID: 10333

TYPE

Boundary Condition Error

Trust: 1.5

sources: BID: 10335 // BID: 10334 // BID: 10333 // CNNVD: CNNVD-200407-017

EXTERNAL IDS

db:	SECUNIA	id:	11066	Trust: 5.7
db:	CERT/CC	id:	VU#294998	Trust: 3.9
db:	NVD	id:	CVE-2004-0444	Trust: 3.9
db:	CERT/CC	id:	VU#637318	Trust: 3.6
db:	CERT/CC	id:	VU#634414	Trust: 3.6
db:	BID	id:	10334	Trust: 2.8
db:	BID	id:	10335	Trust: 2.8
db:	BID	id:	10333	Trust: 2.8
db:	SECTRACK	id:	1010144	Trust: 2.5
db:	SECTRACK	id:	1010146	Trust: 2.5
db:	SECTRACK	id:	1010145	Trust: 2.5
db:	OSVDB	id:	6101	Trust: 1.7
db:	OSVDB	id:	6099	Trust: 1.7
db:	OSVDB	id:	6102	Trust: 1.7
db:	CERT/CC	id:	VU#682110	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000890	Trust: 0.8
db:	CNNVD	id:	CNNVD-200407-017	Trust: 0.7
db:	FULLDISC	id:	20040512 EEYE: SYMANTEC MULTIPLE FIREWALL NBNS RESPONSE REMOTE HEAP CORRUPTION	Trust: 0.6
db:	FULLDISC	id:	20040512 EEYE: SYMANTEC MULTIPLE FIREWALL REMOTE DNS KERNEL OVERFLOW	Trust: 0.6
db:	FULLDISC	id:	20040512 EEYE: SYMANTEC MULTIPLE FIREWALL NBNS RESPONSE PROCESSING STACK OVERFLOW	Trust: 0.6
db:	CIAC	id:	O-141	Trust: 0.6
db:	XF	id:	16137	Trust: 0.6
db:	XF	id:	16135	Trust: 0.6
db:	XF	id:	16134	Trust: 0.6
db:	VULHUB	id:	VHN-8874	Trust: 0.1

sources: CERT/CC: VU#637318 // CERT/CC: VU#294998 // CERT/CC: VU#682110 // CERT/CC: VU#634414 // VULHUB: VHN-8874 // BID: 10335 // BID: 10334 // BID: 10333 // JVNDB: JVNDB-2004-000890 // CNNVD: CNNVD-200407-017 // NVD: CVE-2004-0444

REFERENCES

url:	http://securityresponse.symantec.com/avcenter/security/content/2004.05.12.html	Trust: 5.8
url:	http://secunia.com/advisories/11066/	Trust: 3.2
url:	http://www.kb.cert.org/vuls/id/294998	Trust: 3.1
url:	http://www.kb.cert.org/vuls/id/634414	Trust: 2.8
url:	http://www.kb.cert.org/vuls/id/637318	Trust: 2.8
url:	http://www.securityfocus.com/bid/10333	Trust: 2.5
url:	http://www.securityfocus.com/bid/10334	Trust: 2.5
url:	http://www.securityfocus.com/bid/10335	Trust: 2.5
url:	http://www.ciac.org/ciac/bulletins/o-141.shtml	Trust: 2.5
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/021360.html	Trust: 2.5
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/021362.html	Trust: 2.5
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-may/021361.html	Trust: 2.5
url:	http://securitytracker.com/id?1010144	Trust: 2.5
url:	http://securitytracker.com/id?1010145	Trust: 2.5
url:	http://securitytracker.com/id?1010146	Trust: 2.5
url:	http://secunia.com/advisories/11066	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16137	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16135	Trust: 1.9
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16134	Trust: 1.9
url:	http://www.osvdb.org/6099	Trust: 1.7
url:	http://www.osvdb.org/6101	Trust: 1.7
url:	http://www.osvdb.org/6102	Trust: 1.7
url:	http://www.eeye.com/html/research/advisories/ad20040512d.html	Trust: 1.1
url:	http://www.eeye.com/html/research/advisories/ad20040512c.html	Trust: 1.1
url:	http://www.eeye.com/html/research/advisories/ad20040512a.html	Trust: 1.1
url:	/archive/1/363228	Trust: 0.9
url:	http://www.eeye.com/html/research/advisories/ad20040512b.html	Trust: 0.8
url:	http://securityresponse.symantec.com/avcenter/security/content/2004.05.12.html	Trust: 0.8
url:	http://www.ietf.org/rfc/rfc1001.txt	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0444	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16137	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/16135	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/16134	Trust: 0.6

CREDITS

Eeye Digital Security

Trust: 0.6

sources: CNNVD: CNNVD-200407-017

SOURCES

db:	CERT/CC	id:	VU#637318
db:	CERT/CC	id:	VU#294998
db:	CERT/CC	id:	VU#682110
db:	CERT/CC	id:	VU#634414
db:	VULHUB	id:	VHN-8874
db:	BID	id:	10335
db:	BID	id:	10334
db:	BID	id:	10333
db:	JVNDB	id:	JVNDB-2004-000890
db:	CNNVD	id:	CNNVD-200407-017
db:	NVD	id:	CVE-2004-0444

LAST UPDATE DATE

2024-08-14T15:04:47.720000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#637318	date:	2004-05-13T00:00:00
db:	CERT/CC	id:	VU#294998	date:	2004-05-13T00:00:00
db:	CERT/CC	id:	VU#682110	date:	2004-05-13T00:00:00
db:	CERT/CC	id:	VU#634414	date:	2004-06-02T00:00:00
db:	VULHUB	id:	VHN-8874	date:	2017-07-11T00:00:00
db:	BID	id:	10335	date:	2009-07-12T04:07:00
db:	BID	id:	10334	date:	2009-07-12T04:07:00
db:	BID	id:	10333	date:	2004-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2004-000890	date:	2024-06-04T08:51:00
db:	CNNVD	id:	CNNVD-200407-017	date:	2006-08-28T00:00:00
db:	NVD	id:	CVE-2004-0444	date:	2017-07-11T01:30:09.870

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#637318	date:	2004-05-13T00:00:00
db:	CERT/CC	id:	VU#294998	date:	2004-05-13T00:00:00
db:	CERT/CC	id:	VU#682110	date:	2004-05-13T00:00:00
db:	CERT/CC	id:	VU#634414	date:	2004-05-13T00:00:00
db:	VULHUB	id:	VHN-8874	date:	2004-07-07T00:00:00
db:	BID	id:	10335	date:	2004-05-12T00:00:00
db:	BID	id:	10334	date:	2004-05-12T00:00:00
db:	BID	id:	10333	date:	2004-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2004-000890	date:	2024-06-04T00:00:00
db:	CNNVD	id:	CNNVD-200407-017	date:	2004-05-12T00:00:00
db:	NVD	id:	CVE-2004-0444	date:	2004-07-07T04:00:00