Flaw discovered in Symantec firewall

A vulnerability has been discovered in Symantec firewall products that would let a knowledgeable attacker hijack any connection to Symantec's software-based or appliance-based firewalls, thereby potentially gaining unauthorized access to internal corporate resources.

The discovery was made by security services firm Ubizen July 3, which contacted Symantec about the vulnerability. Both companies agreed to refrain from publicizing the problem until Symantec had prepared a software fix. This remedy has now been made available at Symantec's Web site for eight basic models of its Raptor, Enterprise Firewall and VelociRaptor firewall products.

The software patch remedies weaknesses in the algorithm used in the firewall to randomly generate initial sequence numbers. The main problem, it appears, is the algorithm wasn't generating new sequence numbers quickly enough to thwart potential hijacking attempts to break in.

"The algorithm for generating sequence numbers was flawed but has now been fixed," said Kristof Philipsen, network security engineer at Ubizen. The algorithm had only been changing random sequence numbers every 35 minutes, which left a window of time for hackers to try to hijack the session or insert data.

Philipsen said he discovered the problem when running a network penetration test on a customer's Symantec firewall using Ubizen's in-house tool called ISN Probe, which is available as an open-source tool for download over the Web.

The Ubizen engineer acknowledged that the flaw that had existed in Symantec's random-number generator was not necessarily easy for an attacker to exploit. "It would require a lot of skill," Philipsen said.

Potentially though, attackers could hijack encrypted or unencrypted sessions by a user connecting to Symantec firewalls. These include: Raptor Firewall 6.5 based on Windows NT, Raptor Firewall 6.5.3 on Solaris, Symantec Enterprise Firewall 6.5.2 for Windows 2000 and NT, Symantec Enterprise Firewall v7.0 for Solaris, Windows 2000 and NT, the VelociRaptor Model 500/700/1000 and Models 1100/1200/1300 as well as Symantec Gateway Security 5110/5200/5300.

Philipsen said the software patch, which is easy to install, fixes the random-number generator problem.

As to why it took a whole month for Symantec to prepare the software patch to fix the problem, Symantec's product manager Michele Araujo said Symantec was working closely with Ubizen on the algorithm flaw, but the process was slowed down when Ubizen employees close to the issue went on vacation.

"This is much longer than usual for us," conceded Symantec senior director of product management Barry Cioe.

Symantec has made the software fix available at http://securityresponse.symantec.com/.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Computerworld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?