CVE-2004-0375
First published: Wed May 05 2004(Updated: )
SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Client Firewall | =5.01 | |
| Symantec Client Firewall | =5.1.1 | |
| Symantec Client Security | =1.0 | |
| Symantec Client Security | =1.1 | |
| Symantec Norton Internet Security 2010 | =2003 | |
| Symantec Norton Internet Security 2010 | =2003 | |
| Symantec Norton Internet Security 2010 | =2004 | |
| Symantec Norton Internet Security 2010 | =2004 | |
| Symantec Norton Personal Firewall | =2003 | |
| Symantec Norton Personal Firewall | =2004 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/9912
- http://www.symantec.com/avcenter/security/Content/2004.04.20.html
- http://www.eeye.com/html/Research/Upcoming/20040309.html
- http://securitytracker.com/id?1009379
- http://securitytracker.com/id?1009380
- http://marc.info/?l=bugtraq&m=108275582432246&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15433
Frequently Asked Questions
What is the severity of CVE-2004-0375?
CVE-2004-0375 is classified as a denial of service vulnerability.
How do I fix CVE-2004-0375?
To mitigate CVE-2004-0375, users should update to the latest versions of Symantec Norton Internet Security or other affected products.
What products are affected by CVE-2004-0375?
CVE-2004-0375 affects Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall versions 5.01 and 5.1.1, and Client Security versions 1.0 and 1.1.
What kind of attack does CVE-2004-0375 exploit?
CVE-2004-0375 can be exploited through a crafted TCP packet containing a SACK option or Alternate Checksum.
When was CVE-2004-0375 reported?
CVE-2004-0375 was reported in April 2004.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- canonical/symantec client firewall
- version/symantec client firewall/5.01
- version/symantec client firewall/5.1.1
- canonical/symantec client security
- version/symantec client security/1.0
- version/symantec client security/1.1
- canonical/symantec norton internet security 2010
- version/symantec norton internet security 2010/2003
- version/symantec norton internet security 2010/2004
- canonical/symantec norton personal firewall
- version/symantec norton personal firewall/2003
- version/symantec norton personal firewall/2004