Symantec Firewall/VPN Products Multiple Vulnerabilities

[Giorgius]

Rigel Kent Security & Advisory Services has reported some vulnerabilities in various Symantec Firewall/VPN products, which can be exploited by malicious people to cause a DoS (Denial of Service), identify active services, and manipulate the firewall configuration.

1) An error within the connection handling can be exploited to cause the firewall to stop responding via a UDP port scan of all ports on the WAN interface.

This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)

2) An access control error in the default firewall ruleset causes any incoming UDP traffic from port 53 to be accepted. This makes it possible for a malicious person to port scan a system for listening UDP services on the WAN interface and communicate with these by using port 53/udp as source port.

This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build 622)

3) The default SNMP read/write community strings can't be changed nor can the SNMP service be disabled. This can be exploited in combination with vulnerability #2 to disclose and manipulate the firewall configuration via the SNMP service.

This vulnerability affect the following products:
* Symantec Firewall/VPN Appliance 100 (firmware builds prior to build 1.63)
* Symantec Firewall/VPN Appliance 200/200R (firmware builds prior to build 1.63)
* Symantec Gateway Security 320 (firmware builds prior to build 622)
* Symantec Gateway Security 360/360R (firmware builds prior to build 622)

Leggi:
http://secunia.com/advisories/12635/