BID:22977

Symantec SYMTDI.SYS Device Driver Local Denial of Service Vulnerability

Info

Symantec SYMTDI.SYS Device Driver Local Denial of Service Vulnerability

Bugtraq ID:	22977
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-1476
Remote:	No
Local:	Yes
Published:	Mar 15 2007 12:00AM
Updated:	Sep 06 2007 06:01PM
Credit:	Discovery is credited to David Matousek.
Vulnerable:	Symantec Norton Personal Firewall 2006 9.1.1 .7 Symantec Norton Personal Firewall 2006 9.1 .33 Symantec Norton Personal Firewall 2006 Symantec Norton Personal Firewall 2005 Symantec Norton Internet Security 2006 0 Symantec Norton Internet Security 2005 Symantec Norton AntiVirus 2006 Symantec Norton AntiVirus 2005 Symantec Norton AntiSpam 2005 0 + Symantec Norton Internet Security 2004 + Symantec Norton Internet Security 2004 Professional Edition Symantec Client Security 3.1.4 MR4 MP1 - build 4010 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security 3.1 .396 Symantec Client Security 3.1 .394 Symantec Client Security 3.0.2 .2021 Symantec Client Security 3.0.2 .2020 Symantec Client Security 3.0.2 .2011 Symantec Client Security 3.0.2 .2010 Symantec Client Security 3.0.2 .2002 Symantec Client Security 3.0.2 .2001 Symantec Client Security 3.0.2 .2000 Symantec Client Security 3.0 Symantec Client Security 2.0.6 MR6 Symantec Client Security 2.0.5 build 1100 Symantec Client Security 2.0.4 MR4 build 1000 Symantec Client Security 2.0.4 Symantec Client Security 2.0.3 MR3 b9.0.3.1000 Symantec Client Security 2.0.2 MR2 b9.0.2.1000 Symantec Client Security 2.0.1 MR1 b9.0.1.1000 Symantec Client Security 2.0 STM build 9.0.0.338 Symantec Client Security 2.0 (SCF 7.1) Symantec Client Security 2.0 (SCF 7.1) Symantec Client Security 2.0 Symantec Client Security 3.1.6.6000 Symantec Client Security 3.1.6.6000 Symantec Client Security 3.1 MR6 Symantec Client Security 3.1 Symantec Client Security 3.0.1.1008 Symantec Client Security 3.0.1.1007 Symantec Client Security 3.0.1.1001 Symantec Client Security 3.0.1.1000 Symantec Client Security 3.0.0.359 Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 - build 4010 Symantec AntiVirus Corporate Edition 10.1.4 Symantec AntiVirus Corporate Edition 10.1 .401 Symantec AntiVirus Corporate Edition 10.1 .400 Symantec AntiVirus Corporate Edition 10.1 .396 Symantec AntiVirus Corporate Edition 10.1 .394 Symantec AntiVirus Corporate Edition 10.0.2 .2021 Symantec AntiVirus Corporate Edition 10.0.2 .2020 Symantec AntiVirus Corporate Edition 10.0.2 .2011 Symantec AntiVirus Corporate Edition 10.0.2 .2010 Symantec AntiVirus Corporate Edition 10.0.2 .2010 Symantec AntiVirus Corporate Edition 10.0.2 .2002 Symantec AntiVirus Corporate Edition 10.0.2 .2001 Symantec AntiVirus Corporate Edition 10.0.2 .2000 Symantec AntiVirus Corporate Edition 10.0 Symantec AntiVirus Corporate Edition 9.0.5 .1100 Symantec AntiVirus Corporate Edition 9.0.5 Symantec AntiVirus Corporate Edition 9.0.4 MR4 build 1000 Symantec AntiVirus Corporate Edition 9.0.4 Symantec AntiVirus Corporate Edition 9.0.3 .1000 Symantec AntiVirus Corporate Edition 9.0.2 .1000 Symantec AntiVirus Corporate Edition 9.0.1 .1.1000 Symantec AntiVirus Corporate Edition 9.0 .0.338 Symantec AntiVirus Corporate Edition 9.0 Symantec AntiVirus Corporate Edition 9.0.6.1000 Symantec AntiVirus Corporate Edition 10.1.6.6000 Symantec AntiVirus Corporate Edition 10.1.6.600 Symantec AntiVirus Corporate Edition 10.1.4.4010 Symantec AntiVirus Corporate Edition 10.1 MR6 Symantec AntiVirus Corporate Edition 10.1 Symantec AntiVirus Corporate Edition 10.0.2.2000 Symantec AntiVirus Corporate Edition 10.0.1.1008 Symantec AntiVirus Corporate Edition 10.0.1.1007 Symantec AntiVirus Corporate Edition 10.0.1.1000 Symantec AntiVirus Corporate Edition 10.0.0.359

Not Vulnerable:	Symantec Client Security 3.1 MR6 MP1 Symantec Client Security 2.0 MR6 MP1 Symantec AntiVirus Corporate Edition 9 MR6 MP1 Symantec AntiVirus Corporate Edition 10.1 MR6 MP1

Discussion

Symantec SYMTDI.SYS Device Driver Local Denial of Service Vulnerability

Symantec 'SYMTDI.SYS' device driver is prone to a local denial-of-service vulnerability.

A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users.

This issue is similar to the one described in BID 22961. Symantec is currently investigating this issue; we will update this BID as more information emerges.

Exploit / POC

Symantec SYMTDI.SYS Device Driver Local Denial of Service Vulnerability

The following exploit code is available:

/data/vulnerabilities/exploits/BTP00012P002NF.zip

Solution / Fix

Symantec SYMTDI.SYS Device Driver Local Denial of Service Vulnerability

Solution:
The vendor released updates and an advisory to address this issue. Please see the references for more information.

References

Symantec SYMTDI.SYS Device Driver Local Denial of Service Vulnerability

References:

Symantec Homepage (Symantec)
Norton Insufficient validation of 'SymTDI' driver input buffer (David Matousek)
Symantec Security Advisory SYM07-024 (Symantec)