WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
May 2, 2005
Symantec security gateway ICMP potential Denial of Service

Revision History
5/3/2005 Added customer impact statement

Risk Impact

Symantec has addressed certain potential security issues in the handling of Internet Control Message Protocol (ICMP) packets identified in Symantec security gateway products. These issues could result in successful denial of service attacks against the affected products.

Affected Products

Symantec Gateway Security 5400 Series, v2.x  
Symantec Gateway Security 5300 Series, v1.0  
Symantec Enterprise Firewall, v7.0.x (Windows and Solaris)
Symantec Enterprise Firewall v8.0 (Windows and Solaris)
Symantec VelociRaptor, Model 1100/1200/1300 v1.5  
Symantec Gateway Security 300 Series (All firmware versions)
Symantec Gateway Security 400 Series (All firmware versions)
Symantec Firewall/VPN Appliance 100/200/200R (All firmware versions)
Nexland ISB SOHO Firewall Appliances (All firmware versions)
Nexland Pro Series Firewall Appliances (All firmware versions)

The National Infrastructure Security Co-ordination Centre (NISCC) in the UK released an advisory on vulnerability issues affecting ICMP packets with TCP payloads. ICMP is the control protocol for IP (Internet Protocol), a core network component central to the majority of networked computer systems in current use.

Symantec security gateway products were thoroughly tested to determine susceptibility to the identified issues. Presented in sufficient quantity and extended duration, attacks using some of these identified issues could potentially be remotely exploited by an unauthorized user resulting in a denial of service (DoS) against the affected products listed above.

Symantec Response
Symantec verified these issues and is making available TCP/ICMP protocol security upgrades for the affected security gateway products. These upgrades take advantage of operating system modifications to address the NISCC identified issues and further enhance Symantecís security posture.

Symantec recommends customers immediately apply the latest hotfix or firmware update for their affected product versions to protect against these types of threats. Product specific fixes are available from the Symantec Enterprise Support site http://www.symantec.com/techsupp and, for some products, through LiveUpdate of firmware.

Symantec is not aware of any adverse customer impact from these issues.

The following Common Vulnerability and Exposure (CVE) names identify these issues:

CAN-2004-0230, Vulnerabilities in TCP/IP Could Allow Denial of Service - Breaking TCP Sessions with TCP Messages

CAN-2004-0790/0791, Vulnerabilities in TCP/IP Could Allow Denial of Service - Connection Resets on TCP from ICMP hard Unreachable messages

CAN-2004-1060, Vulnerabilities in TCP/IP Could Allow Denial of Service - ICMP Path MTU

These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

The NISCC advisory was based on research reported by Fernando Gont.

Symantec takes the security and proper functionality of our products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec supports and follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability disclosure guidelines outlined by the National Infrastructure Advisory Council (NIAC).

Please contact secure@symantec.com if you feel you have discovered a security issue in a Symantec product. A Symantec Product Security team member will contact you regarding your submission. Symantec strongly recommends using encrypted email for reporting vulnerability information to secure@symantec.com. The Symantec Product Security PGP key can be found at the end of this message.

Symantec has developed a Product Vulnerability Response document outlining the process we follow in addressing suspected vulnerabilities in our products. This document is available below.

PDF Symantec Vulnerability Response Policy PGP Symantec Product Vulnerability Management PGP Key

Copyright © by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Last modified on: Monday, 11-Feb-2013 18:24:46 PST