A flaw discovered in a common component of Symantec's firewall
technology leaves a number of that company's products vulnerable to
denial of service (DoS) attacks.
News of the flaw was released in a bulletin from Symantec and by
Danish security services firm Advanced IT Security.
The security hole was discovered in the Web proxy component of
Symantec's Enterprise Firewall product, also known as Simple Secure
Webserver 1.1.
The vulnerability concerns the way the Web server handles requests
for URLs (uniform resource locators), addresses used to access Web
pages and other resources on the Internet.
According to a security advisory posted on Advanced IT Security's
Web site, requests from an attacker for registered but unavailable
Internet domains cause the Symantec Web server to pause for as long
as five minutes waiting for a reply.
During that time, the entire firewall ceases to respond to other,
legitimate requests, affecting not only Web traffic to the domain
that would go through the firewall, but other types of Internet
traffic as well, according to Tommy Mikalsen, chief technology
officer of Advanced IT.
Symantec has issued a patch for the affected products and is
advising its customers to keep their products and operating systems
updated.
Symantec's Web server is a common component of its firewall
technology, and the flaw affects a wide range.
In its security alert, Symantec listed the Raptor Firewall for
Windows NT and Solaris; the Symantec Enterprise Firewall for
Windows 2000, Windows NT, and Solaris; the VelociRaptor models 500,
700, 1000, 1100, 1200, and 1300; and the Symantec Gateway Security
5110, 5200, and 5300 products as affected by the vulnerability.