CVE-2004-0375 - OpenCVE

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Symantec	Client Firewall Client Security Norton Internet Security Norton Personal Firewall

Configuration 1 [-]

OR	cpe:2.3:a:symantec:client_firewall:5.01:::::::*
	cpe:2.3:a:symantec:client_firewall:5.1.1:::::::*
	cpe:2.3:a:symantec:client_security:1.0:::::::*
	cpe:2.3:a:symantec:client_security:1.1:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2003:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2003::pro:::::
	cpe:2.3:a:symantec:norton_internet_security:2004:::::::*
	cpe:2.3:a:symantec:norton_internet_security:2004::pro:::::
	cpe:2.3:a:symantec:norton_personal_firewall:2003:::::::*
	cpe:2.3:a:symantec:norton_personal_firewall:2004:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=108275582432246&w=2
http://securitytracker.com/id?1009379
http://securitytracker.com/id?1009380
http://www.eeye.com/html/Research/Upcoming/20040309.html
http://www.securityfocus.com/bid/9912
http://www.symantec.com/avcenter/security/Content/2004.04.20.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15433
https://exchange.xforce.ibmcloud.com/vulnerabilities/15936

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-05-05T04:00:00

Updated: 2024-08-08T00:17:14.445Z

Reserved: 2004-03-29T00:00:00

Link: CVE-2004-0375

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-08-18T04:00:00.000

Modified: 2017-07-11T01:30:06.840

Link: CVE-2004-0375

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-04-23T00:00:00", "descriptions": [{"lang": "en", "value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1009379", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1009379"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"}, {"name": "1009380", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1009380"}, {"name": "norton-firewalls-dos(15433)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"}, {"name": "symantec-firewall-tcp-dos(15936)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"}, {"tags": ["x_refsource_MISC"], "url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"}, {"name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2"}, {"name": "9912", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/9912"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0375", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1009379", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1009379"}, {"name": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html", "refsource": "CONFIRM", "url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"}, {"name": "1009380", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1009380"}, {"name": "norton-firewalls-dos(15433)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"}, {"name": "symantec-firewall-tcp-dos(15936)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"}, {"name": "http://www.eeye.com/html/Research/Upcoming/20040309.html", "refsource": "MISC", "url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"}, {"name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2"}, {"name": "9912", "refsource": "BID", "url": "http://www.securityfocus.com/bid/9912"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T00:17:14.445Z"}, "title": "CVE Program Container", "references": [{"name": "1009379", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1009379"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"}, {"name": "1009380", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1009380"}, {"name": "norton-firewalls-dos(15433)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"}, {"name": "symantec-firewall-tcp-dos(15936)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"}, {"name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2"}, {"name": "9912", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/9912"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0375", "datePublished": "2004-05-05T04:00:00", "dateReserved": "2004-03-29T00:00:00", "dateUpdated": "2024-08-08T00:17:14.445Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "4AEFBAEB-18D4-4082-9F19-C47113841C89", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EA9657C-14D2-418A-AABD-96392E87F4B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*", "matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*", "matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*", "matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*", "matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*", "matchCriteriaId": "74E5CAF7-C305-4FAF-8DA7-627D83F65185", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*", "matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."}, {"lang": "es", "value": "SIMNDIS.SYS en Symantec Norton Internet Securiy 2003 y 2004, Norton Personal Firewall 2003 y 2004, Client Firewall 5.01 y 5.1.1, y Client Security 1.0 y 1.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) mediante un paquete TCP con (1) opci\u00f3n SACK o (2) opci\u00f3n Suma de Comprobaci\u00f3n de Datos Alternativa seguida por una longitud cero."}], "id": "CVE-2004-0375", "lastModified": "2017-07-11T01:30:06.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-18T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=108275582432246&w=2"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1009379"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1009380"}, {"source": "cve@mitre.org", "url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/9912"}, {"source": "cve@mitre.org", "url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}