Symantec Holes Open Up Firewalls to Attacks

Three "highly critical" flaws in Symantec's Firewall/VPN Appliance and Gateway Security products allow remote attackers to shut down a firewall.

Symantec Corp. has warned of a string of security holes in its Firewall/VPN Appliance and Gateway Security products, less than a month after its last firewall security problems.

Three new bugs could allow a remote attacker to shut down a firewall appliance, identify active services on the WAN (wide area network) interface and alter the firewall's configuration, Symantec said in a Wednesday advisory.

All three flaws, which Rigel Kent Security & Advisory Services discovered, affect Symantec Firewall/VPN Appliance 100, 200 and 200R models; Gateway Security 320, 360 and 360R are vulnerable to all but one, a denial-of-service bug.

An attacker could cause the firewall products to stop responding by exploiting an error within the connection handling via a port scan of all WAN interface ports, according to security researcher Secunia, which ranked the flaws as "highly critical." The second bug is found in the firewall's default rule set, which allows an attacker to listen for and identify UDP services, if a particular port is used.

The second flaw can be exploited together with a third bug involving the SNMP (Simple Network Management Protocol) service to disclose and manipulate the firewall's configuration, effectively bypassing firewall security, researchers said.



As companies have grown ever more security-conscious and reliant on complex protection systems, researchers have subjected products such as VPNs and firewalls to increasing scrutiny.

Last month, Symantec warned of a flaw in its VPN and firewall server products that could allow an attacker to take over affected systems and gain access to corporate networks. That vulnerability lay in LibKmp, which Entrust provides to third parties for use in VPN products, meaning any LibKmp-based VPN was potentially affected.

In July, Internet Security Systems warned of a vulnerability in a wide range of Check Point Software Technologies VPN products, including versions of VPN-1, FireWall-1, Provider-1 and SSL Network Extender. Check Point's enterprise security products are among the most widely used on the Internet. Similar Check Point VPN holes also appeared in February and May. In April, Cisco Systems disclosed a number of bugs in its products, including its VPN hardware and software.

A serious bug in the Kerberos authentication system, revealed earlier this month, also could have allowed access to protected corporate networks.

