SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   Sygate Management Server Vendors:   Symantec
Symantec Sygate Management Server Input Validation Error Lets Remote Users Inject SQL Commands to Gain Administrative Access
SecurityTracker Alert ID:  1015561
SecurityTracker URL:  http://securitytracker.com/id/1015561
CVE Reference:   CVE-2006-0522   (Links to External Site)
Updated:  Feb 8 2006
Original Entry Date:  Feb 1 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.1 build 1417 and prior versions
Description:   A vulnerability was reported in Symantec's Sygate Management Server (SMS). A remote user can inject SQL commands to gain administrative access to the application.

The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to overwrite the password for any SMS account, including the SMS administrator account. Then, the remote user can use the new password to gain access to the SMS console with full administrator privileges. With full administrator privileges, the remote user can, for example, disable all agents or propagate malware to all managed agents.

The vendor credits Guillaume Goutaudier and Nicolas Gregoire at Exaprobe, SAS, France with reporting this vulnerability.
Impact:   A remote user can execute SQL commands on the underlying database. This can be exploited to gain administrative access on the application.
Solution:   The vendor has issued a fix.

SMS (English version) 3.5 MR 3 build 894 or earlier:

ftp://SMS35b895@207.33.111.31

SMS (English version) 4.0 MR 1 build 1104 and earlier:

ftp://SMS40B1105@207.33.111.31

SMS (English version) 4.1 MR 2 build 1417 and earlier:

ftp://SSE41MR2@207.33.111.31

SMS 4.1 (Chinese Version) 4.1 MR1 build 1351 and earlier:

ftp://SMS1352c@207.33.111.31

For password access, contact technical support.

For SMS 4.1 GA (Japanese Version) build 1258 and earlier, contact technical support.

The vendor's advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html
Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html (Links to External Site)
Cause:   Input validation error
Underlying OS:   Windows (2000), Windows (2003)

Message History:   None.

 Source Message Contents
Date:  Wed, 1 Feb 2006 12:04:59 -0500
Subject:  Symantec Sygate Management Server: SMS Authentication Servlet SQL Injection


http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC