Symantec has issued a fix for a DNS cache poisoning vulnerability in its Enterprise Firewall and Gateway Security software and VelociRaptor operating system.
IT security firm Secunia, which reported the flaw Friday, issued an updated advisory this morning that notes the hotfix Symantec has made available. Symantec issued its own advisory last night directing users to its support site for the appropriate hotfix.
Secunia, based in Copenhagen, Denmark, called the vulnerability "moderately critical."
"If a DNS cache is poisoned, one can no longer trust any Web site or host based on its domain name," Thomas Kristensen, Secunia's chief technology officer, said in an e-mailed statement. He added the problem "is an issue for system administrators, not normal private users."
When acting as a caching DNS server, the integrated DNS proxy reportedly trusts any answer received from a DNS server without checking that it actually corresponds to a query or is valid, Kristensen wrote. This can be exploited to insert fake information in the DNS cache, which can be used to direct users to malicious Web sites or just prevent them from accessing certain Web sites.
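The check the proxy reportedly skipped, sketched here as an added example (not Symantec's or Secunia's code): a reply is cached only if it is a well-formed response whose source address, transaction ID and question match a query the proxy actually sent. `PendingQueries`, `build_query` and `parse_question` are hypothetical names, and the parser reads only the header and a single uncompressed question.

```python
import struct

def build_query(txid, qname, qtype=1):
    """Encode a minimal DNS query: one question, class IN, RD set."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype, qclass); ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    if pos + 5 > len(msg):  # terminating zero byte + qtype + qclass
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype, qclass

class PendingQueries:
    """Queries the proxy actually sent; only matching replies may be cached."""
    def __init__(self):
        self._pending = set()

    def sent(self, server, query):
        txid, _, qname, qtype, qclass = parse_question(query)
        self._pending.add((server, txid, qname, qtype, qclass))

    def accept(self, source, reply):
        """True only for a well-formed response to an outstanding query."""
        try:
            txid, is_response, qname, qtype, qclass = parse_question(reply)
        except ValueError:
            return False
        key = (source, txid, qname, qtype, qclass)
        if not is_response or key not in self._pending:
            return False
        self._pending.discard(key)  # one reply per query; duplicates are dropped
        return True
```

Call `sent()` when a query is forwarded upstream, and cache a reply only when `accept()` returns True for the packet's source `(address, port)`.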
Symantec, of Cupertino, Calif., said in its advisory that the flaw affects the following products:
- Symantec Gateway Security 5400 Series, v2.0
- Symantec Gateway Security 5300 Series, v1.0
- Symantec Enterprise Firewall, v7.0.x (Windows and Solaris)
- Symantec Enterprise Firewall, v8.0 (Windows and Solaris)
- Symantec VelociRaptor, Model 1100/1200/1300
- Symantec VelociRaptor, Model 500/700/1000
Symantec said in the advisory that it's unaware of any active attempts to exploit the vulnerability.