Vulnerability Description
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Gateway Security | 1.0 |
References
- http://www.securityfocus.com/archive/1/444114/100/100/threaded
- http://www.securityfocus.com/archive/1/444134/100/100/threaded
- http://www.securityfocus.com/archive/1/444135/100/100/threaded
- http://www.securityfocus.com/archive/1/444330/100/0/threaded
- http://www.securityfocus.com/archive/1/444114/100/100/threaded
- http://www.securityfocus.com/archive/1/444134/100/100/threaded
- http://www.securityfocus.com/archive/1/444135/100/100/threaded
- http://www.securityfocus.com/archive/1/444330/100/0/threaded
FAQ
What is CVE-2006-4562?
CVE-2006-4562 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: an...
How severe is CVE-2006-4562?
CVE-2006-4562 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4562?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Gateway Security.