CVE-2004-0444
Description
Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.
Affected products
23cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*
cpe:2.3:a:symantec:norton_personal_firewall:2002:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:symantec:norton_personal_firewall:2002:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
21- www.kb.cert.org/vuls/id/294998nvdPatchThird Party AdvisoryUS Government Resource
- www.kb.cert.org/vuls/id/634414nvdPatchThird Party AdvisoryUS Government Resource
- www.kb.cert.org/vuls/id/637318nvdUS Government Resource
- lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.htmlnvd
- lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.htmlnvd
- lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.htmlnvd
- secunia.com/advisories/11066nvd
- securityresponse.symantec.com/avcenter/security/Content/2004.05.12.htmlnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- www.ciac.org/ciac/bulletins/o-141.shtmlnvd
- www.osvdb.org/6099nvd
- www.osvdb.org/6101nvd
- www.osvdb.org/6102nvd
- www.securityfocus.com/bid/10333nvd
- www.securityfocus.com/bid/10334nvd
- www.securityfocus.com/bid/10335nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16134nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16135nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/16137nvd
News mentions
0No linked articles in our index yet.