Arbitrary DNS Query Vulnerability in Symantec Gateway Security

CVE-2006-4562

Summary

The proxy DNS service in Symantec Gateway Security enables remote attackers to perform arbitrary DNS queries against third-party DNS servers while concealing their actual IP address. This configuration flaw poses a significant security risk by allowing malicious activities to go undetected. Note: the default setup may not proxy DNS queries received on the external interface, potentially limiting exposure.

References