Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Symantec Patches High Risk Flaws



 By: Ryan Naraine
2004-12-31
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Vulnerabilities in Nexland Firewall appliances put users at risk of security bypass, manipulation of data and denial-of-service attacks.

Network security vendor Symantec Corp. has rolled out fixes for three high-risk security holes in its Nexland Firewall appliances.

The flaws could put users at risk of security bypass, manipulation of data and denial-of-service attacks, according to an advisory from research outfit Secunia, which rates the vulnerabilities as "highly critical."

Symantec confirmed that the vulnerabilities had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved, the company explained in a note posted online.

Resource Library:

"All of these vulnerabilities are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewalls configuration," the company warned.

The security holes, discovered by Rigel Kent Security & Advisory Services, also affect the Nexland ISB SOHO, Pro100, Pro400, Pro800, Pro800turbo and the Nexland WaveBase Firewall Appliances.

Click here to read a column on the Symantec-Veritas deal by eWEEK.coms Wayne Rash.

The Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the denial-of-service issue but have been validated as being vulnerable to the other two issues.

Symantec is urging customers to upgrade to the firmware builds labeled 1.63 for Symantec Firewall/VPN Appliance models100, 200 and 200R. Firmware build 622 has been posted for the Symantec Gateway Security Appliance models 320, 360 and 360R.

The company has also released firmware build 16U for the Nexland Firewall Appliances.

The Nexland firewall appliances, which Symantec acquired last year, are primarily used in branch offices and home offices.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Symantec Patches High Risk Flaws
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r㶲s\@♵MQGmy45SHHbL\$e[O]'7nBIL&{Ɩnt7F;?{{~$rhiI1f%STI}"I{hC(~0`R)rdxBԲ|WR #Yخtj5w5Gl$J{'AT{j xL9uΜ}ٜjc7h2 X- (kzZC'Aj(CJx,Z="? w,8&a}#$aTI"E[fŢ˅B!"x^3ˌE !\J!=! g|8Jn.b?uK󁯚ɇfuٜ҅%]We. oQ#LK\zcfMW.~zLqJjpX.B2iKB0.qjjۛjrfv\ JG'-dj`qaeJݠ#mfywς@utiSMc|>9ևm'!|Аd mxZ. 3IXn`vt&hoQy4ڭ,%_ >< )zN==H6(Zχ`jc˦M@B9ǻޚB<Qҡ4|aqjQ?]*~h3-w= | wA,ߣ9#z[LKx GN }t (~9-WRC/0ybA29 EEKy3@ $h5N`źmbo$?LHX)Vpp(ݞHt@)%s㙰\J٣XB YX/_23CCɴX9{DMfT`B[ᛥLKak`FZ, ǪzXc&F#S7a 3G == 3̴ ҄%Ll;9?e!1s WQ'3: x9o@Cys{J`p=Ͱ"̴b֜u4dunNMS R g?fx0-qڛ8uVs]ˤF|`*,q;rmdžfXi8Õ=7q TfЬ||=厬m|,&](LuΩJJ&k*HX3j-y6yBN{r+kFM'W.r1r@@-T%XScX`Da Lzb0qm/n$)LaV|\vΖuVkͲT]۽/ 7r@4 m24@0ٖk_Xt jQVt(:АT um:bXGJG!1~h/a2(&|söV/E\8?>2ei;aZPګY3wld tAq!r?-j(6 gsXSq:hzE>uHNgC\<<fRq'Pit @I*5%}끆_ƅ/c%|o2rl\:|Ꚛ8_.- {uaWjJKs4&ME8` ;DۣӜh2F ÑiH5ߴIF+eu&-JJPT$i/#Y /9-0cYC6aDm6#k(MER&Ӟ@#@:"C'ѠTcD8rj_Ǝ< [g>F} `'zpgItоhʰeh8`Zzq$KDX(T< ֚p̈́O5Oc_c>Ѐah"pHE@xZkh~x } " L-9HZ1-[*::$ݦ݁ä,CdgO{M{c>4Ye j,A@z"R֊Z5jEQRVq~W`qϏxO?"5Th/Op}Oiԛυno?SMw+\ks>#]\V`QaƖ]4FXXH]M;H̎'OBC2By^ ih)\rRj͔ Q=8~0~e7ufv9Aخ crA=3}}v~ 9N(0qs;OM*?RLg%:<!pwCTEeԻ3ubH#C`BEWFڬ,pΨ^\tiYOS)%V$tu| `_snM<=צK$*X]Fj}u¾_[YW7{)|h#Q h`! K{ZCA=cSl}tq@l#RqM݌5m"uy@VIJXhQih^.ۡQm(}gnLZ{xS˙yrN?dZIp|]avKrekH˷"gfjso鸙 ֗y@<sEU [ b&T~\{YRglg^c+o22OwžvXFpaNpgDf|/ m>s3ѻMslsKq3`9S"豥mBtP+'& AA=?/$,Rd#kq΀LdZT+EZz,jJXBL |E࣏ C/ PNkF]C^$G|)@U6HU,UU\Hz, :{VT n?eVPVW`Zd&\%\{3i0(Q󩋗afD}R/)3nQ/ ~egmS?PG te[,r/鉚ĺR`f~d YvH0ש5I-֊R{̡2f{cі$¾.̓G\\׆hg?"XWSwg4ċ)usgCRRhwĶZVr'D:a!`0T=*{H"p?lV*rF2R@BRNbxlēo =$Pןۆ +~W?l)ɡ$ |Bʍ D;}ZXa&3 1114/x߹~TkljK( L $q)YUihj/O0ƙ0KU$(X4qߵ!'^E {{<;k_}n; ex0Z V\zF_kɾ,<9AϐaZ4GފG8 Bf/3b!|F<A(5 +JG{חщ{mE-bcAHFrI'zRG>ggM3_f| Rt4zUrڿHעo)MJ!}J_cNfo4~ ɮP=8,rh%縵vY^a~:)}Aϗ-N9˙LҼ"_"TS8LLàv)fTSeoy0;Fp8@!՝R"(u?Is6uYTY[&M#xAR:%I" Uu$JRSfj*# $_2I,v+htlAzͫ jÚ]e /.iw>6D20O.8w\f0`qo6/É@P V8Vc"Ql  SގeFIRjUYT0g~dNb%UY{2'Hɔ,Ilvy]R{?Ar (qTn̩VTq2ً$sZ!ӹ HuD=6'>OOm),fF>O3<Y &0q޵q byeÅL"Z-DCxQ4,6o{ d|#&K`>[?= J=iv]=NA/ali ԥaJ4%v.a㉭dM)ܗ{|KZO/]@G%sK B"M6fD!"},},$\D9siQ Rpu3u/5_MxbTU**o2C}:{ěH!Cqnҥ6ufR橉% #'X ^ɫBE /#.VhvvbTJsW 6lv4l;ZfDI9Ymcۚ;OY*Rp[ޜt/ɎfZR̞MW+g# HbaNG_bMx6MR}=VAS3Rno*]LsGmRTVmxֈO  KEβN%Vۍ YZJ1wS-ܙܙܙܙ_ޝYVݙz '\E}e +}tuOF>gUAP͈97aTc˱|1䧔=Ag.Mj'RNÓJ葻m^S{ZzyD7'i4O8|᳘OHE1BlzLx1P[i \U#u0 +jDT#XO-;bAcɖcbAL(fϸ d8w~{{B _9aɟ% e5.^6FpAe0"D`1.KدGSIx.-Yn kloi Ҵlq z2 +O!El%/l仅ӆwy\7G3K,~t 6gLXnj<H OlxwM/Hm4ꖜbI[rxuOM 3GHOF ?2"UD< QnVgk_~ ~ ~ ~ ~Aa/S[+.{}vjzY,$GAۏsB&fdC<7#X}CGWG^{ίT |mSÃigת>TtF&,>dt~( ,al Iz4v L}^0 5vvPK ͗}I6^wL{(8x0<9E_^؀ncˊ8\)(5,f-S=Q!AB# WBGȉJ4֟C(ez dd0fIaa/vr6yx9pHxhbH_3-"cdW=})7ЪQK̲9^M`>]:Y`1Ʈʗ;ͫC-ы%`RA@`ȅw9HB_o{6֥&Og9/}AyX^^ ,g Gw=cs$%?[^,mI))jܺ5p_-`B/|jΑ{[tp3:f) 0U{mXoyw>k3")A5[o[6௺eul:q/HЙz=W/%4C2ĚNa+Iiqlro9 gS&e< ,~h#=>b98Z"O<@1;>&3hn)@QnۊHԭ'W-N ֏/*`5-k;hO7>iC$&Hm%0O ǜϸjc"b7?ta[|+`60:&A'я"{tp xIcY+ Z6_+kf?O #^tIw'y{LdE:eiG)2; (opob䭼]d?߿ߋ!?S oI?I5?4O:g&d)?)T.fowN >@vxwم!p tX)awǶ-즪F˸qυP&-%8I B(l FLAwPYя TeQO^tUfݯD*&a7,%0-gO+A#C!5z ad}$ƽztyy`Lh GʨX/[a0G1Z%GBA8AX$XD Ň^ŀ KIbe3)M5k 0 `"Ω,, Y4𲨐K11\Rë;jPY-OQ/ ]ZX,:~eL<^^AF3 i/"r\IoA$TC'rM`,Oku llN󼦘!Vy <7LajS;Xif»yb+n'-浻3x"(ͪNDR`hi*{ >^nHte45A"@`m 4,\ :\πTnA4`C"]hR%䉾3[Oѩ H[5A\N{3eJMh>#Ծ7=F+1/նWS lO1V`HWlfmmYQ ֶBۅ]a%2E[f:'٦v lсHz.M ?_J m+WQ^_fVܞVk! |Tbx@vʹUh%!mF(hdtix*#~SxcLW<0՘0t+PʲjNT\OpY=XCE3 î w?VH o[ȺexxJ"6rKbq֢ORkoV00$wA>po<|S,TZ~K"?{|fـjcE~E:td.6Ƚ<"&s'؏p{S;"΀௅oX{+$ʽOg-<-RWld""@Ո*_Ѻm~F~h/Uw[7= d Lp@VXțF@EC*v)N ANxl0W)^̂- [zq٥O-auh c6zSrA1HSvnH~[?\ "1"W'pp\`sr4@K[L*2&Bs8{_oz=&:K%œ 5" 2L n#bhD1fHǼi֌͈ iu/lAӃ("|궯[/ T6CĊ1gGi>'_@{~HgU,KET&}fAm??&~eKL)awSa/x ` 3 u|`EP00a|L?ѦqPOnNS S3f;. l9 :W 1&|.%nK 9RyL ]ǒ 4B1h6SB2_7=}m|?݉2{xbwT IhR tP(9CȮ KD8_]{ƠYQ^*_(ӄ^I+\QY / PIj WuOSISkw9h^__~&$7}<޴9i]vooWj(;u{{}պi_ss;#A6Rf&R0mw 5UbvʌPNGcͅfU,xje^/J>M+TO|ݿ@)Qe;ʋ QW~0sUNMPp4ħeOW\#4[E%eFPsF/PKF ߬/?m63ʻP(GN/?2Ot}9<>2#\_~5.gF,gWvF?2?C2>vNtNɂdзdЧw2v2Oѫ >A ((#坌r߫ʐ+Bf.n~kx:  {/>_?/1>ArS~~2w Y{ f wɹN2!(ofYNo\8'\$_YWAa uuQ~yחW P/nt3 :W?3z^}NV&/Yr]!,.%PUZ« /Y[Sʹqմ  VD=՞bMdG,DlG\%f1'M] s9|,y|e8Nt7<17 }^f>>? Vt{rUtKn yɫr%>|#rӚܴO]v<2kݫ++#BAf_b 9y?'OxVf|4;([ЙqerޢD)+Fyk@Lg<}eR 76Ǜv3{xuCZ7WuC=gz}yPW4MdBgpXc$+"7<R9Kq`FPKt-ӯ.1"q`j@L ;J*V*r;~O;A"ð3 *+P#}a`J\L3BAzG l]{ۦJ̾jCO3CX)x}̺lk %e@Z/`5ݤ1l:Al spa3 Ӯ߯' U?틷@$YLAŊr2Fdu#aq1ld@(we6Lm (~%.,x(|vk@-\o q[8 5 g[=ǙPĚ즷]ݍ;S Y/TB# ,tBۢ PL_k&2C5x*8" "kH "s{B|%ijP%n3!-Xs<&р] , {+2‡_i 궯E݉cEi_c̈́x{p>ev C >%v jcTF\gȌa)x<AR(~Q ^xjA߭eW?'gg_5b Fy&b3@p+,weC[gI2T~kJ=*P=eZPO] n",ݤd/+2b%m=HYUҎ_Βw. %Cb9G8]! MAE`A]˳kvB`լ`nwv"dW~/;vcSF)f'NFp)hN<}y?٢ uKğopm.; +Cୃ^p穎TU|J6A1^A wVǰYF!&ۅ7O80Ux|-h\}{M_;9LgѸ:"?X9<]d'KW±0_^5FElT$bB=AyY!ˣŬ"D0Ȯ'Z:tsh{h۟Z3THهl*~&&,{+ЃT~xFK-^иQ> χ"@Ԃ+"e})IDy)/π/(83}E.tqea#Vt*Nzϗf?PwyӾ|C*'U]ώ7z_Za}BeFBl4*ŷъe&?CKxI7ݏWgRXBYS$DY+ AHcggɊxY0]\}!l4Gn_M4ZQwN㛼VtƢI:6pzrX(Պ[]jv[W셳Qbm٦d i29J{) qU˕46!an%nǝl| n%96L]_[ PFr()