Symantec Firewalls And Gateways Are Vulnerable To Attack

Symantec has announced that several of its firewalls and gateways are vulnerable to denial of service attacks, and has released firmware to fix them. Affected are Symantec Firewall/VPN Appliance 100, 200 and 200R and the Symantec Gateway Security 320, 360 and 360R.

Symantec noted on its Web site that the vulnerabilities "are remotely exploitable and can allow an attacker to perform a denial of service attack against the firewall appliance, identify active services in the WAN interface, and exploit one of these services to collect and alter the firewall's configuration." The Symantec Firewall/VPN Appliances, models 100, 200 and 200R are vulnerable to all three attacks, while the Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the Denial of Service attack, but are vulnerable to the other two.

Secunia, a Denmark-based security firm, issued an advisory saying that the denial-of-service attack is made possible due to a problem with the firewall's connection handling, in which the firewall stops responding via a UDP port scan of all of the ports on the firewall's WAN interface.

Ottawa-based Rigel Kent Security & Advisory Services first reported the vulnerabilities to Symantec. Symantec said that it is unaware of any attempts to exploit the vulnerabilities.