Symantec Patches ICMP Denial-of-Service Flaw

Products patched include the Symantec Gateway Security Series, the Symantec Enterprise Firewall and the Symantec Firewall/VPN Appliance.

Symantec late Monday became the latest vendor to ship a batch of enterprise-facing product upgrades to protect against a known vulnerability in a widely used messaging protocol.

The Cupertino, Calif.-based Symantec Corp. said in an advisory that the vulnerability could put users at risk of denial-of-service attacks.

Affected products include multiple versions of the Symantec Gateway Security Series, the Symantec Enterprise Firewall, the Symantec Firewall/VPN Appliance, the Nexland Firewall Appliance and the Symantec VelociRaptor.

The company urged users to apply hotfixes and firmware updates from its tech support Web site. Some of the patches can be downloaded through Symantec's LiveUpdate feature.

The Symantec patches cover a publicly reported flaw in ICMP (Internet Control Message Protocol), the networking protocol used in the majority of networked computer systems.

According to an alert from the U.K.-based NISCC (National Infrastructure Security Co-ordination Center), the bug can be exploited via ICMP packets with TCP payloads.

The NISCC said the impact of the flaw varies by vendor and application, but in some deployment scenarios, the Center warned it is likely to be rated medium to high.

"If exploited, the TCP blind connection-reset vulnerability could allow an attacker to create a denial-of-service condition against existing TCP connections, resulting in premature session termination," the group said.

Symantec said its security gateway products were thoroughly tested to determine susceptibility to the identified issues and warned that a prolonged attack scenario "could potentially be remotely exploited by an unauthorized user resulting in a denial-of-service against the affected products."


Cisco Systems Inc. has also released fixes for multiple products affected by the ICMP flaw.

In an alert posted online, the routing and switching giant said vulnerable products include IOS (Internetwork Operating Software) with PMTUD enabled, IOS XR, Catalyst 4000 and 6000 switches, the Cisco Aironet Wireless LAN Access Points and Bridges and the CMM (Communication Media Module).
