Vulnerability Details CVE-2006-4562
The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.securityfocus.com/archive/1/444114/100/100/threaded
- http://www.securityfocus.com/archive/1/444134/100/100/threaded
- http://www.securityfocus.com/archive/1/444135/100/100/threaded
- http://www.securityfocus.com/archive/1/444330/100/0/threaded
- http://www.securityfocus.com/archive/1/444114/100/100/threaded
- http://www.securityfocus.com/archive/1/444134/100/100/threaded
- http://www.securityfocus.com/archive/1/444135/100/100/threaded
- http://www.securityfocus.com/archive/1/444330/100/0/threaded
Products affected by CVE-2006-4562
-
cpe:2.3:h:symantec:gateway_security:1.0
-
cpe:2.3:h:symantec:gateway_security:320
-
cpe:2.3:h:symantec:gateway_security:360
-
cpe:2.3:h:symantec:gateway_security:360r
-
cpe:2.3:h:symantec:gateway_security:5000_series_2.0.1
-
cpe:2.3:h:symantec:gateway_security:5000_series_3.0
-
cpe:2.3:h:symantec:gateway_security:5110
-
cpe:2.3:h:symantec:gateway_security:5110_1.0
-
cpe:2.3:h:symantec:gateway_security:5200
-
cpe:2.3:h:symantec:gateway_security:5200_1.0
-
cpe:2.3:h:symantec:gateway_security:5300
-
cpe:2.3:h:symantec:gateway_security:5300_1.0
-
cpe:2.3:h:symantec:gateway_security:5310_1.0
-
cpe:2.3:h:symantec:gateway_security:5400_2.0
-
cpe:2.3:h:symantec:gateway_security:5400_2.0.1