CVE-2004-0375

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=108275582432246&w=2
http://securitytracker.com/id?1009379
http://securitytracker.com/id?1009380
http://www.eeye.com/html/Research/Upcoming/20040309.html
http://www.securityfocus.com/bid/9912	Exploit Vendor Advisory
http://www.symantec.com/avcenter/security/Content/2004.04.20.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15433
https://exchange.xforce.ibmcloud.com/vulnerabilities/15936

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:client_firewall:5.01:::::::*
	cpe:2.3:a:symantec:client_firewall:5.1.1:::::::*
	cpe:2.3:a:symantec:client_security:1.0:::::::*
	cpe:2.3:a:symantec:client_security:1.1:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2003:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2003::pro:::::
	cpe:2.3:a:symantec:norton_internet_security:2004:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2004::pro:::::
	cpe:2.3:a:symantec:norton_personal_firewall:2003:::::::*
	cpe:2.3:a:symantec:norton_personal_firewall:2004:::::::*

History

No history.

Information

Published : 2004-08-18 04:00

Updated : 2024-02-28 10:24

NVD link : CVE-2004-0375

Mitre link : CVE-2004-0375

CVE.ORG link : CVE-2004-0375

JSON object : View

Products Affected

symantec

norton_personal_firewall
client_security
norton_internet_security
client_firewall

CWE

NVD-CWE-Other

{"id": "CVE-2004-0375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1009379", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1009380", "source": "cve@mitre.org"}, {"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9912", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."}, {"lang": "es", "value": "SIMNDIS.SYS en Symantec Norton Internet Securiy 2003 y 2004, Norton Personal Firewall 2003 y 2004, Client Firewall 5.01 y 5.1.1, y Client Security 1.0 y 1.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) mediante un paquete TCP con (1) opci\u00f3n SACK o (2) opci\u00f3n Suma de Comprobaci\u00f3n de Datos Alternativa seguida por una longitud cero."}], "lastModified": "2017-07-11T01:30:06.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AEFBAEB-18D4-4082-9F19-C47113841C89"}, {"criteria": "cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EA9657C-14D2-418A-AABD-96392E87F4B8"}, {"criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF"}, {"criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA"}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8"}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6"}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8"}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6"}, {"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74E5CAF7-C305-4FAF-8DA7-627D83F65185"}, {"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}