Symantec Patches 'High Risk' FlawsBy Ryan Naraine | Posted 2004-12-31 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
Vulnerabilities in Nexland Firewall appliances put users at risk of security bypass, manipulation of data and denial-of-service attacks.Network security vendor Symantec Corp. has rolled out fixes for three high-risk security holes in its Nexland Firewall appliances.
The flaws could put users at risk of security bypass, manipulation of data and denial-of-service attacks, according to an advisory from research outfit Secunia, which rates the vulnerabilities as "highly critical."
Symantec confirmed that the vulnerabilities had been identified in the Symantec Firewall/VPN Appliance 100, 200 and 200R models. The Symantec Gateway Security 320, 360 and 360R are vulnerable to only two of the issues, which have been resolved, the company explained in a note posted online.
The Symantec Gateway Security models 320, 360 and 360R are not vulnerable to the denial-of-service issue but have been validated as being vulnerable to the other two issues.
Symantec is urging customers to upgrade to the firmware builds labeled 1.63 for Symantec Firewall/VPN Appliance models100, 200 and 200R. Firmware build 622 has been posted for the Symantec Gateway Security Appliance models 320, 360 and 360R.
The company has also released firmware build 16U for the Nexland Firewall Appliances.
The Nexland firewall appliances, which Symantec acquired last year, are primarily used in branch offices and home offices.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.