• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Symantec Client Firewall DNS Response Buffer Overflow Vulnerability

A remotely exploitable buffer overflow vulnerability has been reported in various Symantec Firewall Products. Affected products include Norton Internet Security, Norton Personal Firewall, Norton AntiSpam, Client Firewall, and Client Security.

The issue is due to insufficient bounds checking of DNS response data and may be exploited to gain SYSTEM/kernel level access to a computer hosting the vulnerable software.

The source of the vulnerability is that the CNAME (Canonical Name) data field specified in incoming DNS Resource Records is copied into an internal buffer in an insecure manner, resulting in a stack-based buffer overflow.