Details of VAR-200609-0040

ID

VAR-200609-0040

CVE

CVE-2006-4562

TITLE

Symantec Gateway Security Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200609-049

DESCRIPTION

The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface

Trust: 0.99

sources: NVD: CVE-2006-4562 // VULHUB: VHN-20670

AFFECTED PRODUCTS

vendor:	symantec	model:	gateway security	scope:	eq	version:	5200_1.0	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5400_2.0	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5400_2.0.1	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5200	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5000_series_3.0	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5110_1.0	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5300	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5110	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5310_1.0	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5300_1.0	Trust: 1.6
vendor:	symantec	model:	gateway security	scope:	eq	version:	5000_series_2.0.1	Trust: 1.0
vendor:	symantec	model:	gateway security	scope:	eq	version:	1.0	Trust: 1.0
vendor:	symantec	model:	gateway security	scope:	eq	version:	320	Trust: 1.0
vendor:	symantec	model:	gateway security	scope:	eq	version:	360	Trust: 1.0
vendor:	symantec	model:	gateway security	scope:	eq	version:	360r	Trust: 1.0

sources: CNNVD: CNNVD-200609-049 // NVD: CVE-2006-4562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-4562
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200609-049
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-20670
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-4562
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-20670
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-20670 // CNNVD: CNNVD-200609-049 // NVD: CVE-2006-4562

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-049

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200609-049

EXTERNAL IDS

db:	NVD	id:	CVE-2006-4562	Trust: 1.7
db:	BUGTRAQ	id:	20060823 RE: SYMANTEC GATEWAY SECURITY DNS EXPLOIT	Trust: 0.6
db:	BUGTRAQ	id:	20060823 AW: SYMANTEC GATEWAY SECURITY DNS EXPLOIT	Trust: 0.6
db:	BUGTRAQ	id:	20060823 SYMANTEC GATEWAY SECURITY DNS EXPLOIT	Trust: 0.6
db:	BUGTRAQ	id:	20060824 RE: SYMANTEC GATEWAY SECURITY DNS EXPLOIT	Trust: 0.6
db:	CNNVD	id:	CNNVD-200609-049	Trust: 0.6
db:	VULHUB	id:	VHN-20670	Trust: 0.1

sources: VULHUB: VHN-20670 // CNNVD: CNNVD-200609-049 // NVD: CVE-2006-4562

REFERENCES

url:	http://www.securityfocus.com/archive/1/444134/100/100/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/444135/100/100/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/444114/100/100/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/444330/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/444330/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/444135/100/100/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/444134/100/100/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/444114/100/100/threaded	Trust: 0.6

sources: VULHUB: VHN-20670 // CNNVD: CNNVD-200609-049 // NVD: CVE-2006-4562

SOURCES

db:	VULHUB	id:	VHN-20670
db:	CNNVD	id:	CNNVD-200609-049
db:	NVD	id:	CVE-2006-4562

LAST UPDATE DATE

2024-08-14T14:35:31.090000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-20670	date:	2018-10-17T00:00:00
db:	CNNVD	id:	CNNVD-200609-049	date:	2021-12-08T00:00:00
db:	NVD	id:	CVE-2006-4562	date:	2024-08-07T20:15:28.143

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-20670	date:	2006-09-06T00:00:00
db:	CNNVD	id:	CNNVD-200609-049	date:	2006-09-05T00:00:00
db:	NVD	id:	CVE-2006-4562	date:	2006-09-06T00:04:00