Short Name | DNS:SYMANTEC-DNS-POISIONING |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | DNS |
Keywords | Symantec Enterprise Firewall DNSD Proxy Cache Poisoning |
Release Date | 2013/07/15 |
Update Number | 2282 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in DNSD Proxy, the component of the Symantec Enterprise Firewall that handles DNS responses. Remote attackers can poison the DNSD Proxy cache by posing as authoritative for domains over which they have no authority. An attacker may exploit this vulnerability to carry out other types of attacks, such as man-in-the-middle attacks, spoofing attacks, or information gathering attacks.

It is reported that dnsd is prone to a cache poisoning vulnerability. Dnsd does not ensure that the data returned from a remote DNS server is related to the requested records. An attacker could exploit this vulnerability to deny service to legitimate users by redirecting traffic to inappropriate hosts. Man-in-the-middle attacks, impersonation of sites, and other attacks may be possible.
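
The missing check described above (that returned records relate to what was asked) is commonly enforced as a bailiwick filter before anything is cached. The sketch below is an added illustration, not Symantec's or Juniper's code and not this signature's detection logic; the `RR` type, the function names and the sample response are constructed for the example, and CNAME handling assumes answer records arrive in chain order.

```python
from typing import NamedTuple

class RR(NamedTuple):
    section: str  # "answer", "authority" or "additional"
    name: str     # owner name
    rtype: str
    rdata: str

def norm(name: str) -> str:
    return name.rstrip(".").lower()

def in_zone(name: str, zone: str) -> bool:
    # Compare on label boundaries so "evilexample.com" is not under "example.com".
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def filter_response(qname: str, zone: str, records: list[RR]):
    """Return (accepted, rejected) for a response from a server for `zone`."""
    accepted, rejected = [], []
    wanted = {norm(qname)}   # qname plus CNAME targets seen so far
    ns_hosts = set()         # name servers named by accepted NS records
    for rr in records:
        owner = norm(rr.name)
        ok = False
        if in_zone(owner, zone):
            if rr.section == "answer":
                ok = owner in wanted
                if ok and rr.rtype == "CNAME":
                    wanted.add(norm(rr.rdata))
            elif rr.section == "authority":
                # Only NS/SOA for a zone that actually contains the query name.
                ok = rr.rtype in ("NS", "SOA") and in_zone(qname, owner)
                if ok and rr.rtype == "NS":
                    ns_hosts.add(norm(rr.rdata))
            elif rr.section == "additional":
                # Glue only: addresses of name servers accepted above.
                ok = rr.rtype in ("A", "AAAA") and owner in ns_hosts
        (accepted if ok else rejected).append(rr)
    return accepted, rejected

# Constructed response to a query for www.example.com, sent to a server for example.com.
SAMPLE = [
    RR("answer", "www.example.com.", "A", "192.0.2.10"),
    RR("authority", "example.com.", "NS", "ns1.example.com."),
    RR("additional", "ns1.example.com.", "A", "192.0.2.53"),
    RR("authority", "com.", "NS", "ns.attacker.test."),         # outside the zone
    RR("additional", "www.bank.test.", "A", "203.0.113.66"),    # unrelated name
    RR("additional", "mail.example.com.", "A", "203.0.113.7"),  # in zone, not glue
]
```

Calling `filter_response("www.example.com", "example.com", SAMPLE)` keeps the first three records and rejects the last three; only the accepted list should reach a cache.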