National Cyber-Alert System

Vulnerability Summary for CVE-2004-0444

Overview

Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#634414

Name: VU#634414

Type: Advisory; Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/634414

US-CERT Vulnerability Note: VU#294998

Name: VU#294998

Type: Advisory; Patch Information

Hyperlink:http://www.kb.cert.org/vuls/id/294998

US-CERT Vulnerability Note: VU#637318

Name: VU#637318

Hyperlink:http://www.kb.cert.org/vuls/id/637318

External Source: BID

Name: 10335

Hyperlink:http://www.securityfocus.com/bid/10335

External Source: BID

Name: 10334

Hyperlink:http://www.securityfocus.com/bid/10334

External Source: BID

Name: 10333

Hyperlink:http://www.securityfocus.com/bid/10333

External Source: CONFIRM

Name: http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html

Hyperlink:http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html

External Source: SECUNIA

Name: 11066

Hyperlink:http://secunia.com/advisories/11066

External Source: FULLDISC

Name: 20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html

External Source: FULLDISC

Name: 20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html

External Source: FULLDISC

Name: 20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html

External Source: XF

Name: symantec-dns-response-bo(16137)

Hyperlink:http://xforce.iss.net/xforce/xfdb/16137

External Source: XF

Name: symantec-firewalls-nbns-bo(16135)

Hyperlink:http://xforce.iss.net/xforce/xfdb/16135

External Source: XF

Name: symantec-nbns-response-bo(16134)

Hyperlink:http://xforce.iss.net/xforce/xfdb/16134

External Source: OSVDB

Name: 6102

Hyperlink:http://www.osvdb.org/6102

External Source: OSVDB

Name: 6101

Hyperlink:http://www.osvdb.org/6101

External Source: OSVDB

Name: 6099

Hyperlink:http://www.osvdb.org/6099

External Source: CIAC

Name: O-141

Hyperlink:http://www.ciac.org/ciac/bulletins/o-141.shtml

External Source: SECTRACK

Name: 1010146

Hyperlink:http://securitytracker.com/id?1010146

External Source: SECTRACK

Name: 1010145

Hyperlink:http://securitytracker.com/id?1010145

External Source: SECTRACK

Name: 1010144

Hyperlink:http://securitytracker.com/id?1010144