Flaw discovered in Symantec firewall

A vulnerability has been discovered in Symantec Corp. firewall products that would let a knowledgeable attacker hijack any connection to Symantec’s software-based or appliance-based firewalls, thereby potentially gaining unauthorized access to internal corporate resources.

The discovery was made by security services firm Ubizen July 3, which contacted Symantec about the vulnerability. Both companies agreed to refrain from publicizing the problem until Symantec had prepared a software fix. This remedy has now been made available at Symantec’s Web site for eight basic models of its Raptor, Enterprise Firewall and VelociRaptor firewall products.

The software patch remedies weaknesses in the algorithm used in the firewall to randomly generate initial sequence numbers. The main problem, it appears, is the algorithm wasn’t generating new sequence numbers quickly enough to thwart potential hijacking attempts to break in.

“The algorithm for generating sequence numbers was flawed but has now been fixed,” said Kristof Philipsen, network security engineer at Ubizen. The algorithm had only been changing random sequence numbers every 35 minutes, which left a window of time for hackers to try to hijack the session or insert data.

Philipsen said he discovered the problem when running a network penetration test on a customer’s Symantec firewall using Ubizen’s in-house tool called ISN Probe, which is available as an open-source tool for download over the Web.

The Ubizen engineer acknowledged that the flaw that had existed in Symantec’s random-number generator was not necessarily easy for an attacker to exploit. “It would require a lot of skill,” Philipsen said.

Potentially though, attackers could hijack encrypted or unencrypted sessions by a user connecting to Symantec firewalls. These include: Raptor Firewall 6.5 based on Windows NT, Raptor Firewall 6.5.3 on Solaris, Symantec Enterprise Firewall 6.5.2 for Windows 2000 and NT, Symantec Enterprise Firewall v7.0 for Solaris, Windows 2000 and NT, the VelociRaptor Model 500/700/1000 and Models 1100/1200/1300 as well as Symantec Gateway Security 5110/5200/5300.

Philipsen said the software patch, which is easy to install, fixes the random-number generator problem.

As to why it took a whole month for Symantec to prepare the software patch to fix the problem, Symantec’s Product Manager Michele Araujo said Symantec was working closely with Ubizen on the algorithm flaw, but the process was slowed down when Ubizen employees close to the issue went on vacation.

“This is much longer than usual for us,” conceded Symantec Senior Director of Product Management Barry Cioe.

Symantec has made the software fix available at http://securityresponse.symantec.com/.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now