Symantec patches four critical firewall flaws

Symantec has issued patches for most of its firewall and antivirus products in order to fix four serious security holes

For the third time this year, Internet security firm Symantec has had to release patches to plug critical security flaws in many of its popular antivirus and firewall packages.

Security firm eEye on Wednesday published details of four security holes that affect a range of Symantec's client-based applications including Norton Internet Security, Norton AntiVirus and Norton AntiSpam. Symantec has published a security response on its Web site.

Guido Sanchidrián, Symantec's EMEA product manager for antivirus, content filtering and security response, said the company has spent the past month developing fixes for the vulnerabilities and has now made the patches available to its customers.

"Anyone who regularly runs Symantec LiveUpdate should already be protected. However, to be sure, customers should manually run Symantec LiveUpdate," Sanchidrián said.

Philippe Alcoy, senior security consultant at eEye, said the people most at risk are those not protected by a perimeter firewall. This might include people in smaller businesses, home users and corporate laptop users not using their VPN.

"Most corporate environments have perimeter firewalls so users behind that are only vulnerable to an internal attack, but users taking laptops home are at risk," Alcoy said.

Of the four flaws, three could allow a hacker to take control of an affected system, while one could be used to force a computer into an infinite loop by simply sending it a specially crafted packet of data.

"That's a big problem if the machine is a mission-critical server," said Alcoy.

The flaws were first reported to Symantec on 19 April, which means the company has taken just under a month to develop a patch. According to eEye, this is a "reasonable" amount of time to address the vulnerabilities.

In January, Symantec plugged a gap in its LiveUpdate feature that could have allowed hackers to gain administrator rights on an affected PC. Just two months later, the company admitted its Internet Security package contained a back door that could be used by hackers to take control of the machine.

The flaws affect the following packages: Norton Internet Security and Norton Internet Security Professional 2002, 2003 and 2004; Norton Personal Firewall 2002, 2003 and 2004; Symantec Client Firewall 5.01, 5.1.1; Symantec Client Security 1.0, 1.1, 2.0(SCF 7.1) and Norton AntiSpam 2004.

Symantec's Sanchidrián said the company does not believe any of its customers have been affected by the flaws at this time.