PT-2004-1528 · Symantec · Client Firewall+3

Karl Lynn · Published 2004-05-05 · Updated 2017-07-11 · CVE-2004-0375

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Symantec Norton Internet Security versions 2003 through 2004
Norton Personal Firewall versions 2003 through 2004
Client Firewall versions 5.01 through 5.1.1
Client Security versions 1.0 through 1.1

Description

The issue allows remote attackers to cause a denial of service (an infinite loop) via a TCP packet with specific options: either the SACK option or the Alternate Checksum Data option, followed by a length of zero.

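A zero length byte leaves an option-walking loop parked on the same offset, so the defensive check is to validate the length before advancing. The C code below is an added example, not Symantec's code and not part of the advisory; the function name, status codes and sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCPOPT_EOL 0   /* end of option list, single byte */
#define TCPOPT_NOP 1   /* padding, single byte */

enum opt_status { OPT_OK = 0, OPT_BAD_LENGTH = -1, OPT_TRUNCATED = -2 };

/* Constructed samples of a TCP options area (the bytes after the fixed header). */
static const uint8_t sample_ok[]    = { 2, 4, 0x05, 0xb4, 1, 1, 4, 2 }; /* MSS, NOP, NOP, SACK-permitted */
static const uint8_t sample_sack0[] = { 1, 1, 5, 0 };    /* kind 5 (SACK), length 0 */
static const uint8_t sample_alt0[]  = { 15, 0, 0, 0 };   /* kind 15 (Alternate Checksum Data), length 0 */
static const uint8_t sample_short[] = { 5, 10, 0, 0 };   /* length runs past the buffer */

/* Walk the options and count them. Every multi-byte option is kind, length,
 * data, where length covers the kind and length bytes, so it is at least 2. */
int tcp_options_validate(const uint8_t *opts, size_t len, unsigned *count)
{
    size_t i = 0;
    *count = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == TCPOPT_EOL)
            break;
        if (kind == TCPOPT_NOP) { i++; continue; }
        if (i + 1 >= len)
            return OPT_TRUNCATED;          /* no room for the length byte */
        uint8_t olen = opts[i + 1];
        if (olen < 2)
            return OPT_BAD_LENGTH;         /* "i += 0" would never terminate */
        if (olen > len - i)
            return OPT_TRUNCATED;          /* option claims more than remains */
        (*count)++;
        i += olen;                         /* guaranteed forward progress */
    }
    return OPT_OK;
}

int main(void)
{
    unsigned n;
    printf("ok:    %d\n", tcp_options_validate(sample_ok, sizeof sample_ok, &n));
    printf("sack0: %d\n", tcp_options_validate(sample_sack0, sizeof sample_sack0, &n));
    printf("alt0:  %d\n", tcp_options_validate(sample_alt0, sizeof sample_alt0, &n));
    printf("short: %d\n", tcp_options_validate(sample_short, sizeof sample_short, &n));
    return 0;
}
```
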
Recommendations

For Symantec Norton Internet Security versions 2003 through 2004, update to a version that includes a fix for this issue.
For Norton Personal Firewall versions 2003 through 2004, update to a version that includes a fix for this issue.
For Client Firewall versions 5.01 through 5.1.1, update to a version that includes a fix for this issue.
For Client Security versions 1.0 through 1.1, update to a version that includes a fix for this issue.

As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.


Related Identifiers

CVE-2004-0375

Affected Products

Client Firewall
Client Security
Norton Personal Firewall
Symantec Norton Internet Security