---------------------------------------------------------------------- Monitor, Filter, and Manage Security Information - Filtering and Management of Secunia advisories - Overview, documentation, and detailed reports - Alerting via email and SMS Request Trial: https://ca.secunia.com/?f=l ---------------------------------------------------------------------- TITLE: Symantec Products Unspecified DNS Cache Poisoning Vulnerability SECUNIA ADVISORY ID: SA14595 VERIFY ADVISORY: http://secunia.com/advisories/14595/ CRITICAL: Moderately critical IMPACT: Spoofing, Manipulation of data WHERE: >From remote OPERATING SYSTEM: Symantec VelociRaptor 1.5 http://secunia.com/product/174/ Symantec Gateway Security 2.x http://secunia.com/product/3104/ Symantec Gateway Security 1.x http://secunia.com/product/876/ SOFTWARE: Symantec Enterprise Firewall (SEF) 8.x http://secunia.com/product/3587/ Symantec Enterprise Firewall (SEF) 7.x http://secunia.com/product/514/ DESCRIPTION: A vulnerability has been reported in various Symantec gateway products, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to an unspecified error in the DNS proxy (DNSd) when functioning as a DNS caching server or primary DNS server and can be exploited to poison the DNS cache. The vulnerability may be related to: SA11888 The following products are affected: * Symantec Gateway Security 5400 Series, v2.x * Symantec Gateway Security 5300 Series, v1.0 * Symantec Enterprise Firewall, v7.0.x (Windows and Solaris) * Symantec Enterprise Firewall v8.0 (Windows and Solaris) * Symantec VelociRaptor, Model 1100/1200/1300 v1.5 NOTE: This has already been exploited in the wild. SOLUTION: The vendor has issued hotfixes. http://www.symantec.com/techsupp ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html http://service1.symantec.com/support/ent-gate.nsf/docid/2005030417285454 OTHER REFERENCES: SA11888: http://secunia.com/advisories/11888/ Internet Storm Center: http://www.isc.sans.org/diary.php?date=2005-03-04 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------