Vulnerability Name:

CVE-2009-3104 (CCN-52820)

Assigned:2009-08-27
Published:2009-08-27
Updated:2017-08-17
Summary:Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2009-3104

Source: OSVDB
Type: UNKNOWN
57429

Source: CCN
Type: SA36493
Symantec Products Internet Email Scanning Denial of Service

Source: SECUNIA
Type: Vendor Advisory
36493

Source: CCN
Type: OSVDB ID: 57429
Symantec Multiple Products Internet Email Scanning Functionality Crafted Email Handling Infinite Loop DoS

Source: BID
Type: UNKNOWN
34670

Source: CCN
Type: BID-34670
Multiple Symantec Products Email Handling Denial Of Service Vulnerability

Source: CCN
Type: SYM09-012
Norton AntiVirus and Symantec Client Security Email Denial of Service Vulnerability

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01

Source: VUPEN
Type: Vendor Advisory
ADV-2009-2449

Source: XF
Type: UNKNOWN
symantec-email-scan-dos(52820)

Source: XF
Type: UNKNOWN
symantec-email-scan-dos(52820)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:antivirus:9.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:9.0:mr6:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0:mr1:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0:mr2:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mp1:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr4:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr5:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr6:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr7:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2:mr2:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:mr6:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:mr1:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:mr2:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr4:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr5:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr6:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr7:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:9.0:-:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2::corporate:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec antivirus 9.0
    symantec antivirus 9.0 mr6
    symantec antivirus 10.0
    symantec antivirus 10.0 mr1
    symantec antivirus 10.0 mr2
    symantec antivirus 10.1
    symantec antivirus 10.1 mp1
    symantec antivirus 10.1 mr4
    symantec antivirus 10.1 mr5
    symantec antivirus 10.1 mr6
    symantec antivirus 10.1 mr7
    symantec antivirus 10.2
    symantec antivirus 10.2 mr2
    symantec client security 2.0
    symantec client security 2.0 mr6
    symantec client security 3.0
    symantec client security 3.0 mr1
    symantec client security 3.0 mr2
    symantec client security 3.1
    symantec client security 3.1 mr4
    symantec client security 3.1 mr5
    symantec client security 3.1 mr6
    symantec client security 3.1 mr7
    symantec norton antivirus 2005
    symantec norton antivirus 2006
    symantec norton antivirus 2007
    symantec norton antivirus 2008
    symantec norton internet security 2005
    symantec norton internet security 2006
    symantec norton internet security 2007
    symantec norton internet security 2008
    symantec norton antivirus 2005
    symantec norton internet security 2005
    symantec norton antivirus 2006
    symantec client security 3.0
    symantec norton internet security 2006
    symantec client security 3.1
    symantec norton antivirus 2007
    symantec norton internet security 2007
    symantec norton antivirus 2008
    symantec norton internet security 2008
    symantec antivirus 10.0
    symantec antivirus 9.0 -
    symantec antivirus 10.1
    symantec client security 2.0
    symantec antivirus 10.2