SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Sygate Management Server Vendors:   Symantec
Symantec Sygate Management Server Input Validation Error Lets Remote Users Inject SQL Commands to Gain Administrative Access
SecurityTracker Alert ID:  1015561
SecurityTracker URL:  http://securitytracker.com/id/1015561
CVE Reference:   CVE-2006-0522   (Links to External Site)
Updated:  Feb 8 2006
Original Entry Date:  Feb 1 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.1 build 1417 and prior versions
Description:   A vulnerability was reported in Symantec's Sygate Management Server (SMS). A remote user can inject SQL commands to gain administrative access to the application.

The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to overwrite the password for any SMS account, including the SMS administrator account. Then, the remote user can use the new password to gain access to the SMS console with full administrator privileges. With full administrator privileges, the remote user can, for example, disable all agents or propagate malware to all managed agents.

The vendor credits Guillaume Goutaudier and Nicolas Gregoire at Exaprobe, SAS, France with reporting this vulnerability.

Impact:   A remote user can execute SQL commands on the underlying database. This can be exploited to gain administrative access on the application.
Solution:   The vendor has issued a fix.

SMS (English version) 3.5 MR 3 build 894 or earlier:

ftp://SMS35b895@207.33.111.31

SMS (English version) 4.0 MR 1 build 1104 and earlier:

ftp://SMS40B1105@207.33.111.31

SMS (English version) 4.1 MR 2 build 1417 and earlier:

ftp://SSE41MR2@207.33.111.31

SMS 4.1 (Chinese Version) 4.1 MR1 build 1351 and earlier:

ftp://SMS1352c@207.33.111.31

For password access, contact technical support.

For SMS 4.1 GA (Japanese Version) build 1258 and earlier, contact technical support.

The vendor's advisory is available at:

http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  Windows (2000), Windows (2003)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC