Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

vulnerability in Symantec products

from [security] Network Security [Permanent Link]
Subject: vulnerability in Symantec products
Date: 26 Oct 2006 22:30:11 -0000 
Critical vulnerability was discovered in Symantec Internet Security 2005, 
posible afected products: Symantec Personal Firewall 2005, Symantec Internet 
Security 2004, Symantec Personal Firewall 2004,  Symantec Personal Firewall 
2003, Symantec Internet Security 2006, Symantec Personal Firewall 2006.

Defective program feature allows to establish remote connections undetected - 
thus creating a perfect exploit for trojans and hacker activities. Symantec 
products generally have a rule "Default outbound NetBIOS", allowing programs to 
establish direct IP connections on ports 137, 138, 139. Therefore, trojan 
programs can undetectably bypass Symantec firewall and connect on these ports 
to attacker's remote server. However, resolving IP from DNS will be detected by 
the firewall.

Solutions:
- Disable "Default outbound NetBIOS" rule
- Modify "Default outbound NetBIOS" rule and restrict connections only to LAN

--------------------------------------------------
DimichSoft Security Group
http://www.dimichsoft.com/security.html
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mozilla Firefox JavaScript Handler Race Condition Memory Corruption Vulnerability, Christian Kalkhoff
Next by Date:  [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability, zdi-disclosures
Previous by Thread:  phpFaber CMS Cross Site Scripting, security
Next by Thread:  Re: vulnerability in Symantec products, jay.tomas
Indexes:  [Date] [Thread] [Top] [All Lists]