Symantec Gateway Security Products DNS Cache Poisoning

2004-06-15T06:37:42
ID OSVDB:7126
Type osvdb
Reporter fryxar(fryxar@datafull.com)
Modified 2004-06-15T06:37:42

Description

Vulnerability Description

Symantec Gateway security products contain a flaw that may allow a malicious user to insert false DNS records. The issue is triggered when incorrect records are inserted into the DNS cache, because the server will accept responses not related to the initial query from any authoritative DNS server it queries. It is possible that the flaw may allow DNS record spoofing resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released patches to address this vulnerability.

Short Description

Symantec Gateway security products contain a flaw that may allow a malicious user to insert false DNS records. The issue is triggered when incorrect records are inserted into the DNS cache, because the server will accept responses not related to the initial query from any authoritative DNS server it queries. It is possible that the flaw may allow DNS record spoofing resulting in a loss of integrity.

References:

Vendor Specific Solution URL: http://service1.symantec.com/SUPPORT/ent-gate.nsf/3fcd5fb2fcae709e88256bc1005cd7c9/d152da593f21cd2988256ebb007c4e5e?OpenDocument&src=bar_sch_nam Vendor Specific Advisory URL Secunia Advisory ID:11888 Packet Storm: http://packetstormsecurity.org/0406-exploits/dnsPoison.cpp.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-06/0272.html ISS X-Force ID: 16423 CVE-2004-1754 Bugtraq ID: 10557