News

Symantec warns of security hole in firewall products

A flaw discovered in a common component of Symantec's firewall technology leaves a number of that company's products vulnerable to denial of service (DoS) attacks.

News of the flaw was released in a bulletin from Symantec and by Danish security services firm Advanced IT Security.

The security hole was discovered in the Web proxy component of Symantec's Enterprise Firewall product, also known as Simple Secure Webserver 1.1.

The vulnerability concerns the way the Web server handles requests for URLs (uniform resource locators), addresses used to access Web pages and other resources on the Internet.

According to a security advisory posted on Advanced IT Security's Web site, requests from an attacker for registered but unavailable Internet domains cause the Symantec Web server to pause for as long as five minutes waiting for a reply.

During that time, the entire firewall ceases to respond to other, legitimate requests, affecting not only Web traffic to the domain that would go through the firewall, but other types of Internet traffic as well, according to Tommy Mikalsen, chief technology officer of Advanced IT.

Symantec has issued a patch for the affected products and is advising its customers to keep their products and operating systems updated.

Symantec's Web server is a common component of its firewall technology, and the flaw affects a wide range.

In its security alert, Symantec listed the Raptor Firewall for Windows NT and Solaris; the Symantec Enterprise Firewall for Windows 2000, Windows NT, and Solaris; the VelociRaptor models 500, 700, 1000, 1100, 1200, and 1300; and the Symantec Gateway Security 5110, 5200, and 5300 products as affected by the vulnerability.
 

COMMENTS powered by Disqus  //  Commenting policy