Vulnerability CVE-2004-0444

Vulnerability Name:

CVE-2004-0444 (CCN-16134)

Assigned:

2004-05-12

Published:

2004-05-12

Updated:

2017-07-11

Summary:

Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Full-Disclosure Mailing List, Wed May 12 2004 - 19:02:46 CDT
EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption

Source: MITRE
Type: CNA
CVE-2004-0444

Source: FULLDISC
Type: UNKNOWN
20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow

Source: FULLDISC
Type: UNKNOWN
20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow

Source: FULLDISC
Type: UNKNOWN
20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption

Source: CCN
Type: SA11066
Symantec Client Firewall Products Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
11066

Source: CCN
Type: Symantec Security Response SYM04-008
Symantec Client Firewall Remote Access and Denial of Service Issues

Source: CONFIRM
Type: UNKNOWN
http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html

Source: CCN
Type: SECTRACK ID: 1010144
Symantec Client Firewall SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System

Source: SECTRACK
Type: UNKNOWN
1010144

Source: CCN
Type: SECTRACK ID: 1010145
Symantec Client Security SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System

Source: SECTRACK
Type: UNKNOWN
1010145

Source: CCN
Type: SECTRACK ID: 1010146
Norton AntiSpam SYMDNS.SYS Driver Lets Remote Users Execute Arbitrary Code to Take Full Control of the System

Source: SECTRACK
Type: UNKNOWN
1010146

Source: CCN
Type: CIAC Information Bulletin O-141
Symantec Client Firewall Remote Access Vulnerabilities

Source: CIAC
Type: UNKNOWN
O-141

Source: CCN
Type: US-CERT VU#294998
Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#294998

Source: CCN
Type: US-CERT VU#634414
Multiple Symantec firewall products fail to properly process NBNS response packets

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#634414

Source: CCN
Type: US-CERT VU#637318
Multiple Symantec firewall products contain a buffer overflow in the processing of DNS resource records

Source: CERT-VN
Type: US Government Resource
VU#637318

Source: OSVDB
Type: UNKNOWN
6099

Source: OSVDB
Type: UNKNOWN
6101

Source: OSVDB
Type: UNKNOWN
6102

Source: CCN
Type: OSVDB ID: 6099
Symantec Multiple Firewall NBNS Response Processing Overflow

Source: CCN
Type: OSVDB ID: 6101
Symantec Multiple Firewall NBNS Response Remote Heap Corruption

Source: CCN
Type: OSVDB ID: 6102
Symantec Multiple Firewall Remote DNS KERNEL Overflow

Source: BID
Type: UNKNOWN
10333

Source: CCN
Type: BID-10333
Symantec Client Firewall NetBIOS Name Service Response Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
10334

Source: CCN
Type: BID-10334
Symantec Client Firewall DNS Response Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
10335

Source: CCN
Type: BID-10335
Symantec Client Firewall NetBIOS Handler Remote Heap Overflow Vulnerability

Source: XF
Type: UNKNOWN
symantec-nbns-response-bo(16134)

Source: XF
Type: UNKNOWN
symantec-nbns-response-bo(16134)

Source: XF
Type: UNKNOWN
symantec-firewalls-nbns-bo(16135)

Source: XF
Type: UNKNOWN
symantec-dns-response-bo(16137)

Vulnerable Configuration:

Configuration 1:

cpe:/a:symantec:client_firewall:5.01:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.1:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.2:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.3:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.4:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.5:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.6:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.7:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.8:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:1.9:*:*:*:*:*:*:*

OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_antispam:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2002:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*

OR cpe:/a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2004-0444 (CCN-16137)

Assigned:

2004-05-12

Published:

2004-05-12

Updated:

2004-05-12

Summary:

Symantec Norton Internet Security is vulnerable to a stack-based buffer overflow, caused by improper bounds checking of the CNAME field in the SYMDNS.SYS driver. A remote attacker can send a Domain Name System (DNS) response with a long canonical name to overflow a buffer and execute arbitrary code on the system with kernel-level privileges.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial