Thread-topic: [SA21938] Symantec Norton Personal Firewall Denial of Service
> Symantec Norton Personal Firewall Denial of Service
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Not critical
> Local system
> Symantec Norton Personal Firewall 2005
> Symantec Norton Personal Firewall 2006
> David Matousek has discovered a vulnerability in Symantec Norton
> Personal Firewall, which can be exploited by malicious, local users
> to cause a Denial of Service.
> The vulnerability is caused due to an error in the handling of data
> sent to the "\Device\SymEvent" device which is writable by
> "Everyone". This can be exploited to crash a vulnerable system by
> sending malformed data.
> The vulnerability has been confirmed in Symantec Norton Personal
> Firewall 2005 versions 126.96.36.199 and 188.8.131.52, and has also been
> reported in Symantec Norton Personal Firewall 2006 version 184.108.40.206.
> Other versions may also be affected.
> Grant only trusted users access to affected systems.
> PROVIDED AND/OR DISCOVERED BY:
> David Matousek
> ORIGINAL ADVISORY: