Signature Detail
Short Name |
DNS:QUERY:SYMC-DNS-CACHE |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
DNS |
Keywords |
Symantec Gateway Products DNS Cache Poisoning |
Release Date |
2013/05/23 |
Update Number |
2266 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DNS: Symantec Gateway Products DNS Cache Poisoning
This signature detects attempts to exploit a known vulnerability in the way the DNS proxy component of Symantec Gateway products processes and caches DNS responses. A successful attack can lead to man-in-the-middle attacks, or spoofing attacks, or information gathering attacks, etc.
Extended Description
A remote DNS cache poisoning vulnerability affects Symantec Gateway Security. The underlying issue causing this vulnerability is currently unknown. An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site impersonation, or denial of service attacks.
Affected Products
- Symantec Enterprise Firewall 7.0.0 NT/2000
- Symantec Enterprise Firewall 7.0.0 Solaris
- Symantec Enterprise Firewall 8.0.0 NT/2000
- Symantec Enterprise Firewall 8.0.0 Solaris
- Symantec Gateway Security 5300 1.0.0
- Symantec Gateway Security 5300
- Symantec Gateway Security 5400 2.0.0
- Symantec Gateway Security 5400 2.0.1
- Symantec VelociRaptor 1100 1.5.0
- Symantec VelociRaptor 1100
- Symantec VelociRaptor 1200 1.5.0
- Symantec VelociRaptor 1200
- Symantec VelociRaptor 1300 1.5.0
- Symantec VelociRaptor 1300
References
- BugTraq: 12818
- CVE: CVE-2005-0817