CVE-2006-4562

Published Sep 6, 2006

Last updated 16 days ago

CVSS info 5.0

Overview

Description: The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface
Source: cve@mitre.org
NVD status: Modified
CNA Tags: disputed
Products: gateway_security

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "0CAE17C6-FD3E-4846-A706-78246B37BFA1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:320:*:*:*:*:*:*:*",
            "matchCriteriaId": "EFFC0BF4-56EE-414C-8D45-3D2ACCBDC03A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:360:*:*:*:*:*:*:*",
            "matchCriteriaId": "6B786C20-6C40-4DBE-AC24-D8B8E98FD6F5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:360r:*:*:*:*:*:*:*",
            "matchCriteriaId": "38F65C12-9866-423F-8E59-FE905FE79043",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5000_series_2.0.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "00163129-F72A-4C56-A4E4-D254ED71FB63",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5000_series_3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "97BE5E88-1DA6-48A7-9811-97EE6582A627",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5110:*:*:*:*:*:*:*",
            "matchCriteriaId": "7E42EDB2-616D-4915-9E41-7D80F32E4901",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5110_1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "3B647CBE-35DA-404C-BC71-0C378CC5CA1B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5200:*:*:*:*:*:*:*",
            "matchCriteriaId": "1D1175AC-9310-4804-8FB3-2F988F55BD09",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5200_1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8EB8A732-3D37-4B96-8674-E03CC3826967",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5300:*:*:*:*:*:*:*",
            "matchCriteriaId": "FF09575E-83D3-4772-816B-7D639B1C32A4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5300_1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F702A853-EE1C-4937-AED9-FF11EE442F9F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5310_1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F0043B75-B1FA-48F7-B0B8-DF25CE5CED1F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5400_2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "B413854B-9D67-4FFA-81A7-884D3F473D06",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:h:symantec:gateway_security:5400_2.0.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "5838D7A8-80F3-4571-80BE-D4AF0AA7F4C4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References