General discussion

VULNERABILITIES - March 16, 2005

Symantec Products Unspecified DNS Cache Poisoning Vulnerability

SECUNIA ADVISORY ID:
SA14595

VERIFY ADVISORY:
http://secunia.com/advisories/14595/

CRITICAL:
Moderately critical

IMPACT:
Spoofing, Manipulation of data

WHERE:
From remote

OPERATING SYSTEM:
Symantec VelociRaptor 1.5
http://secunia.com/product/174/
Symantec Gateway Security 2.x
http://secunia.com/product/3104/
Symantec Gateway Security 1.x
http://secunia.com/product/876/

SOFTWARE:
Symantec Enterprise Firewall (SEF) 8.x
http://secunia.com/product/3587/
Symantec Enterprise Firewall (SEF) 7.x
http://secunia.com/product/514/

DESCRIPTION:
A vulnerability has been reported in various Symantec gateway
products, which can be exploited by malicious people to poison the
DNS cache.

The vulnerability is caused due to an unspecified error in the DNS
proxy (DNSd) when functioning as a DNS caching server or primary DNS
server and can be exploited to poison the DNS cache.

The vulnerability may be related to:
SA11888

The following products are affected:
* Symantec Gateway Security 5400 Series, v2.x
* Symantec Gateway Security 5300 Series, v1.0
* Symantec Enterprise Firewall, v7.0.x (Windows and Solaris)
* Symantec Enterprise Firewall v8.0 (Windows and Solaris)
* Symantec VelociRaptor, Model 1100/1200/1300 v1.5

NOTE: This has already been exploited in the wild.

SOLUTION:
The vendor has issued hotfixes.
http://www.symantec.com/techsupp

ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html
http://service1.symantec.com/support/ent-gate.nsf/docid/2005030417285454

OTHER REFERENCES:
SA11888:
http://secunia.com/advisories/11888/

Internet Storm Center:
http://www.isc.sans.org/diary.php?date=2005-03-04
Discussion is locked
Follow
Reply to: VULNERABILITIES - March 16, 2005
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: VULNERABILITIES - March 16, 2005
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments

CNET Forums