DNS: Symantec Enterprise Firewall DNSD Proxy Cache Poisoning

This signature detects attempts to exploit a known vulnerability in DNSD Proxy, the component of the Symantec Enterprise Firewall that handles DNS responses. Remote attackers can poison the DNSD Proxy cache by pretending to be authoritative for domains for which they are not. An attacker may exploit this vulnerability to carry out other types of attacks, such as man-in-the-middle attacks, spoofing attacks, or information gathering attacks.

Extended Description

It is reported that dnsd is prone to a cache poisoning vulnerability. Dnsd does not ensure that the data returned from a remote DNS server is related to the requested records. An attacker could exploit this vulnerability to deny service to legitimate users by redirecting traffic to inappropriate hosts. Man-in-the-middle attacks, impersonation of sites, and other attacks may be possible.

Affected Products

Symantec gateway_security_5310, Symantec enterprise_firewall

References

BugTraq: 10557

CVE: CVE-2004-1754

Short Name
DNS:SYMANTEC-DNS-POISIONING
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DNS
Keywords
CVE-2004-1754 Cache DNSD Enterprise Firewall Poisoning Proxy Symantec bid:10557
Release Date
07/15/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Symantec

CVSS Score

5.0
