Bugtraq mailing list archives

vulnerability in Symantec products

From: security () dimichsoft com
Date: 26 Oct 2006 22:30:11 -0000

Critical vulnerability was discovered in Symantec Internet Security 2005, posible afected products: Symantec Personal 
Firewall 2005, Symantec Internet Security 2004, Symantec Personal Firewall 2004,  Symantec Personal Firewall 2003, 
Symantec Internet Security 2006, Symantec Personal Firewall 2006.

Defective program feature allows to establish remote connections undetected - thus creating a perfect exploit for 
trojans and hacker activities. Symantec products generally have a rule "Default outbound NetBIOS", allowing programs to 
establish direct IP connections on ports 137, 138, 139. Therefore, trojan programs can undetectably bypass Symantec 
firewall and connect on these ports to attacker's remote server. However, resolving IP from DNS will be detected by the 
firewall.

Solutions:
- Disable "Default outbound NetBIOS" rule
- Modify "Default outbound NetBIOS" rule and restrict connections only to LAN

--------------------------------------------------
DimichSoft Security Group
http://www.dimichsoft.com/security.html

Current thread:

vulnerability in Symantec products security (Oct 27)
- <Possible follow-ups>
- Re: vulnerability in Symantec products jay.tomas (Oct 30)
  - unreliable vulnerability reports en-masee [was:Re: vulnerability in Symantec products] Gadi Evron (Oct 30)