Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
DNS:QUERY:SYMC-DNS-CACHE |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
DNS |
Keywords |
Symantec Gateway Products DNS Cache Poisoning |
Release Date |
2013/05/23 |
Update Number |
2266 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
DNS: Symantec Gateway Products DNS Cache Poisoning
This signature detects attempts to exploit a known vulnerability in the way the DNS proxy component of Symantec Gateway products processes and caches DNS responses. A successful attack can lead to man-in-the-middle attacks, or spoofing attacks, or information gathering attacks, etc.
Extended Description
A remote DNS cache poisoning vulnerability affects Symantec Gateway Security. The underlying issue causing this vulnerability is currently unknown. An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site impersonation, or denial of service attacks.
Affected Products
- Symantec enterprise_firewall 7.0.0 NT/2000
- Symantec enterprise_firewall 7.0.0 Solaris
- Symantec enterprise_firewall 8.0.0 NT/2000
- Symantec enterprise_firewall 8.0.0 Solaris
- Symantec gateway_security_5300 1.0.0
- Symantec gateway_security_5300
- Symantec gateway_security_5400 2.0.0
- Symantec gateway_security_5400 2.0.1
- Symantec velociraptor_1100 1.5.0
- Symantec velociraptor_1100
- Symantec velociraptor_1200 1.5.0
- Symantec velociraptor_1200
- Symantec velociraptor_1300 1.5.0
- Symantec velociraptor_1300
References
- BugTraq: 12818
- CVE: CVE-2005-0817