Symantec plugs holes in firewall

Security specialist issues patches for vulnerabilities that could have allowed denial-of-service attacks against some hardware models.

Symantec has released patches for several flaws in its security products.

The Cupertino, Calif.-based company this week issued a bulletin saying it had resolved three high-risk vulnerabilities in the software used in its Firewall/VPN Appliance hardware models 100, 200 and 200R. It also fixed glitches in its Gateway Security 320, 360 and 360R products, which had been susceptible to two of the security holes.

The flaws could have opened the firewall appliances up to a denial-of-service attack, Symantec said. They also could have enabled an outsider to identify active services in the WAN (wireless-area network) interface and exploit one of those services to collect and alter the firewall's configuration, it said.

Firewalls are widely considered essential, if imperfect, defenses against unwanted intrusions to a computer system by hackers or online snoops. Gateways route traffic in and out of networks or between network segments.

Symantec, which provides security software, hardware and services, said the flaws were discovered by Rigel Kent Security & Advisory Services. It said no active attempts against or businesses organizations have been reported.