Vulnerabilities discovered in the Symantec Client Firewall:
eEye Digital Security notified Symantec of four vulnerabilities they discovered during product testing on versions of Symantec's client firewall application. eEye Digital Security found three instances where remote KERNEL-level access could potentially be gained. Additionally, they reported a denial of service (DoS) issue that requires a system reboot to regain system utilization.
All issues occur within routines in the SYMDNS.SYS component.
The first issue is a stack overflow in the processing of DNS responses caused by improper bounds checking of external input. Successful exploitation of this issue could result in remote code execution on the targeted system with kernel-level privileges.
The second issue is a stack overflow in the processing of NetBIOS Name Service responses that can result in a memory overwrite. If an attacker could successfully create the conditions required to manipulate this vulnerability, they could potentially execute arbitrary code with kernel-level privileges.
The third remote execution issue is a potential heap corruption problem caused by improper bounds checking in the processing of NetBIOS Name Service responses. If an attacker were to successfully exploit this condition, they could possibly execute arbitrary code on the targeted system with kernel-level privileges.
The fourth issue is a potential DoS condition caused by improper handling of DNS response packets. Maliciously configured DNS responses can cause the targeted system to halt, requiring a system reboot to clear the condition and regain system access.[1]
[1] Symantec
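The advisory text above does not say which DNS response fields SYMDNS.SYS mishandled, so this added example (not Symantec's or eEye's code) only illustrates the defensive side of the two DNS bug classes it names: a name decoder that bounds-checks every copy into a fixed buffer and caps compression-pointer hops, one way a parser can otherwise be made to spin. The function name, the hop cap and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_NAME  255u  /* RFC 1035 limit on a domain name */
#define MAX_JUMPS 16    /* assumed cap on compression pointers followed */

/* Decode the DNS name at msg[off] into out as dotted text.
 * Returns the text length, or -1 if the packet is malformed. */
int dns_decode_name(const uint8_t *msg, size_t msg_len, size_t off,
                    char *out, size_t out_cap)
{
    size_t used = 0;
    int jumps = 0;
    if (out_cap == 0) return -1;
    for (;;) {
        if (off >= msg_len) return -1;              /* read past packet */
        uint8_t len = msg[off];
        if (len == 0) break;                        /* root label: done */
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (off + 1 >= msg_len) return -1;
            if (++jumps > MAX_JUMPS) return -1;     /* pointer loop */
            off = ((size_t)(len & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (len & 0xC0) return -1;                  /* reserved label type */
        if (off + 1 + len > msg_len) return -1;     /* label overruns packet */
        size_t need = len + (used ? 1u : 0u);       /* label plus separator */
        /* leave room for the NUL; never trust the length byte alone */
        if (used + need >= out_cap || used + need > MAX_NAME) return -1;
        if (used) out[used++] = '.';
        memcpy(out + used, msg + off + 1, len);
        used += len;
        off += 1 + (size_t)len;
    }
    out[used] = '\0';
    return (int)used;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t good_name[] = {3,'w','w','w',7,'e','x','a','m','p','l','e',
                             3,'c','o','m',0};
const uint8_t self_ptr[]   = {0xC0, 0x00};   /* pointer to itself */
const uint8_t long_label[] = {63, 'A', 'A'}; /* claims 63 bytes, has 2 */

int main(void) {
    char buf[32];
    return dns_decode_name(good_name, sizeof good_name, 0, buf, sizeof buf) == 15 ? 0 : 1;
}
```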
Go here for more information.
Posted by Dave Hayden, Sarasota Web Developer