Flaw discovered in Symantec firewall

A vulnerability has been discovered in Symantec firewall products that would let a knowledgeable attacker hijack any connection to Symantec's software-based or appliance-based firewalls, thereby potentially gaining unauthorized access to internal corporate resources.

The discovery was made by security services firm Ubizen on July 3, which contacted Symantec about the vulnerability. Both companies agreed to refrain from publicizing the problem until Symantec had prepared a software fix. This remedy has now been made available at Symantec's Web site for eight basic models of its Raptor, Enterprise Firewall and VelociRaptor firewall products.

The software patch remedies weaknesses in the algorithm the firewall uses to randomly generate TCP initial sequence numbers. The main problem, it appears, is that the algorithm wasn't generating new sequence numbers quickly enough to thwart potential hijacking attempts.

"The algorithm for generating sequence numbers was flawed but has now been fixed," said Kristof Philipsen, network security engineer at Ubizen. The algorithm had only been changing random sequence numbers every 35 minutes, which left a window of time for hackers to try to hijack the session or insert data.
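As an added illustration (not code from Ubizen, Symantec or ISN Probe), the Python sketch below models the weakness as the article describes it, assuming the sequence number stays fixed within each 35-minute window, next to a generator in the shape of RFC 6528, and measures how long sampled values stay unchanged. The function names, secret, address tuple and sample timings are constructed, and HMAC-SHA256 standing in for the RFC's hash function is an assumption of this example.

```python
import hashlib
import hmac
import struct

WINDOW = 35 * 60  # seconds: the interval quoted in the article


def weak_isn(now, secret=b"constructed-secret"):
    """Assumed model of the flaw: the ISN only changes once per WINDOW."""
    digest = hashlib.sha256(secret + struct.pack("!Q", int(now) // WINDOW)).digest()
    return struct.unpack("!I", digest[:4])[0]


def rfc6528_isn(now, four_tuple=("192.0.2.1", 443, "198.51.100.7", 40000),
                secret=b"constructed-secret"):
    """RFC 6528 shape: ISN = M + F(4-tuple, secret), M a 4-microsecond timer.
    HMAC-SHA256 stands in for F (an assumption of this example)."""
    m = int(now * 250_000)
    f = hmac.new(secret, repr(four_tuple).encode(), hashlib.sha256).digest()
    return (m + struct.unpack("!I", f[:4])[0]) & 0xFFFFFFFF


def probe(generator, count=120, step=60):
    """Constructed sample set: one (time, ISN) pair per minute for two hours."""
    return [(i * step, generator(i * step)) for i in range(count)]


def longest_static_span(samples):
    """Longest time in seconds over which consecutive samples share one ISN."""
    longest, start, prev = 0, 0, None
    for t, isn in samples:
        if isn != prev:
            start, prev = t, isn
        longest = max(longest, t - start)
    return longest


if __name__ == "__main__":
    for name, gen in (("weak", weak_isn), ("rfc6528", rfc6528_isn)):
        samples = probe(gen)
        print(name, "distinct ISNs:", len({isn for _, isn in samples}),
              "longest static span (s):", longest_static_span(samples))
```

A nonzero static span on samples taken from a patched device would indicate the fix has not been applied.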

Philipsen said he discovered the problem when running a network penetration test on a customer's Symantec firewall using Ubizen's in-house tool called ISN Probe, which is available as an open-source tool for download over the Web.

The Ubizen engineer acknowledged that the flaw that had existed in Symantec's random-number generator was not necessarily easy for an attacker to exploit. "It would require a lot of skill," Philipsen said.

Potentially, though, attackers could hijack encrypted or unencrypted sessions of a user connecting to Symantec firewalls. These firewalls include: Raptor Firewall 6.5 based on Windows NT, Raptor Firewall 6.5.3 on Solaris, Symantec Enterprise Firewall 6.5.2 for Windows 2000 and NT, Symantec Enterprise Firewall v7.0 for Solaris, Windows 2000 and NT, the VelociRaptor Model 500/700/1000 and Models 1100/1200/1300 as well as Symantec Gateway Security 5110/5200/5300.

Philipsen said the software patch, which is easy to install, fixes the random-number generator problem.

As to why it took a whole month for Symantec to prepare the software patch to fix the problem, Symantec's product manager Michele Araujo said Symantec was working closely with Ubizen on the algorithm flaw, but the process was slowed down when Ubizen employees close to the issue went on vacation.

"This is much longer than usual for us," conceded Symantec senior director of product management Barry Cioe.

Symantec has made the software fix available at http://securityresponse.symantec.com/.

Ellen Messmer

Computerworld