CVE-2002-0990

Description

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.

Affected products

• Symantec / enterprise_firewall6.5.2 – 6.5.2
• Symantec / enterprise_firewall7.0 – 7.0
• Symantec / enterprise_firewall7.0 – 7.0
• Symantec / gateway_security5300 – 5300
• Symantec / gateway_security5110 – 5110
• Symantec / gateway_security5200 – 5200
• Symantec / raptor_firewall6.5.3 – 6.5.3
• Symantec / raptor_firewall6.5 – 6.5
• Symantec / velociraptor1100 – 1100
• Symantec / velociraptor1200 – 1200
• Symantec / velociraptor1300 – 1300
• Symantec / velociraptor700 – 700
• Symantec / velociraptor500 – 500
• Symantec / velociraptor1000 – 1000

References

• MISChttp://www.iss.net/security_center/static/10364.php
• MAILING_LISThttp://marc.info/?l=bugtraq&m=103463869503124&w=2
• MISChttp://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
• MISChttp://www.securityfocus.com/bid/5958