An attacker could exploit a security hole in several Symantec Corp. products to cause a denial of service. The Cupertino, Calif.-based company recommends users protect themselves by applying the latest available patches.
The vulnerability is caused by an unspecified error within the "isakmpd" service. Copenhagen, Denmark-based IT security firm Secunia said in its advisory that the vulnerability is "moderately critical" and can be exploited remotely.
Symantec said in a statement the vulnerability only affects enterprise gateway products that incorporate the Entrust module and negotiate dynamic vpn tunnels. "To date, Symantec has not had any reports of any related exploit of the vulnerability," the company said. Users can download the patches from Symantec's security site.
The following products are affected:
- VelociRaptor 1.5
- Gateway Security 1.0
- Gateway Security 2.0
- Enterprise Firewall/VPN 7.0 for Solaris
- Enterprise Firewall/VPN 7.0 for Windows NT/2000
- Enterprise Firewall/VPN 7.0.4 for Solaris
- Enterprise Firewall/VPN 7.0.4 for Windows NT/2000