Symantec.Enterprise.Firewall.DNSD.Proxy.Cache.Poisoning
Description
This indicates a possible attack towards a cache poisoning vulnerability in the DNS proxy (DNSd) in multiple Symantec Gateway Security products.
The vulnerability is caused by insufficient validation of query response from other DNS servers, that could result to DNS spoofing or redirection to other websites.
Affected Products
Symantec Gateway Security 5400 2.0.1
Symantec Gateway Security 5400 2.0
Symantec Gateway Security 5310 1.0
Symantec Gateway Security 5300 1.0
Symantec Gateway Security 5200 1.0
Symantec Gateway Security 5110 1.0
Symantec Enterprise Firewall 8.0 Solaris
Symantec Enterprise Firewall 8.0 NT/2000
Symantec Enterprise Firewall 8.0
Symantec Enterprise Firewall 7.0.4 Solaris
Symantec Enterprise Firewall 7.0.4 NT/2000
Impact
Security Bypass: Remote attackers can bypass security checking of vulnerable systems.
Recommended Actions
The vendor has released security response advisory SYM04-010, which contains fixes for this issue. Please see their website for more information.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |