Security Hole Found in Symantecs Firewall
Vulnerability in several versions of Symantec's Raptor firewall lets an attacker hijack sessions.A vulnerability in numerous versions of Symantec Corp.s Raptor firewall enables an attacker to hijack any session going through the firewall. The problem lies in the algorithm the firewalls use for generating initial sequence numbers (ISN) at the beginning of each session. The ISNs, used as identifiers between client machines and host machines in TCP sessions, are supposed to be random to prevent session hijacking. However, the algorithm used by the Raptor products generates numbers that arent sufficiently random and are therefore easily guessable, according to an advisory published Monday by Ubizen NV, a Belgian security service provider with U.S. headquarters in Reston, Va.
The effects of a successful attack can vary widely and depend upon the attackers position in relation to the client and host machines, said Kristof Philipsen, network security engineer at Ubizen in Luxembourg. If the attacker is not directly involved in the connection, the worst he can do is send spoofed traffic to the host.