Symantec Client Firewall products for Windows contain a flaw that may allow a remote denial of service. The issue is triggered when an attacker supplies a single TCP packet with an option of either SACK (05) or Alternate Checksum Data (0F) followed by a length of 00, which causes the SYMNDIS.SYS driver to enter an infinite loop and will result in loss of availability for the platform.

Vendor has released a patch for this vulnerability. The patch is available via the Symantec LiveUpdate service.

• Bugtraq ID: 10204
• Secunia Advisory ID: 11102
• ISS X-Force ID: 15936
• CVE ID: 2004-0375 (see also: NVD)
• SCIP VulDB ID: 569
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-03/2406.html
• Other Advisory URL: http://research.eeye.com/html/advisories/upcoming/20040309.html
  http://www.eeye.com/html/Research/Upcoming/20040309.html [ Link is 404 ]
• Vendor Specific Advisory URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.04.20.html
• Keyword: SYM04-007

• eEye Digital Security - eEye Digital Security