Initial Publication Date: 1 Feb 2006
Advisory Status: Closed
Advisory Severity: High
CVSS Base Score: 7.5
Legacy ID: SYM06-002
A SQL injection vulnerability in Symantec's Sygate Management Server (SMS) version 4.1, build 1417 and earlier could potentially allow a remote or local attacker to gain administrative privileges to the SMS server.
Note: Please contact Technical Support to obtain the password needed to download these updates.
The Japanese version of SMS is distributed through Macnica Inc. Please contact your Macnica Support representative to obtain this update.
Symantec was notified of a vulnerability in Symantec's Sygate Management Server. An attacker with network or local access to the SMS Server could inject code into a URL which would potentially allow the attacker to overwrite the password for any SMS account, including the SMS administrator account. If successful, the attacker could then use that new password to access the SMS console with full administrator privileges. This would allow the attacker to disable all agents, or to propagate an exploit script to all managed agents.
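The advisory does not publish the vulnerable code, so the following is an added illustration, not Symantec's or Sygate's code: a hypothetical password-reset handler with a constructed account table, showing how pasting URL parameters into an UPDATE lets a single request overwrite every account's password (the administrator's included), and how the parameterized form of the same handler does not.

```python
import sqlite3

# Constructed, hypothetical schema standing in for a management console's
# account table. Neither the table nor the functions are the vendor's code.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("admin", "admin-secret"), ("operator", "op-secret")])
    return conn

def reset_password_vulnerable(conn, account: str, new_password: str) -> None:
    # Request parameters taken from the URL are spliced into the SQL text,
    # so quote characters in them change the shape of the statement.
    sql = (f"UPDATE accounts SET password = '{new_password}' "
           f"WHERE name = '{account}'")
    conn.execute(sql)

def reset_password_hardened(conn, account: str, new_password: str) -> None:
    # Parameters travel separately from the SQL text; the driver never
    # interprets their contents as SQL, whatever characters they contain.
    conn.execute("UPDATE accounts SET password = ? WHERE name = ?",
                 (new_password, account))

def password_of(conn, account: str):
    row = conn.execute("SELECT password FROM accounts WHERE name = ?",
                       (account,)).fetchone()
    return row[0] if row else None

def demo(handler) -> dict:
    """Run one constructed reset request through a handler and report the
    resulting passwords of both accounts."""
    conn = make_db()
    # Constructed request: a low-privilege account name with a tautology
    # appended. In the vulnerable handler the WHERE clause becomes
    # name = 'operator' OR '1'='1' and matches every row.
    handler(conn, "operator' OR '1'='1", "attacker-chosen")
    return {"admin": password_of(conn, "admin"),
            "operator": password_of(conn, "operator")}

if __name__ == "__main__":
    print("vulnerable:", demo(reset_password_vulnerable))
    print("hardened:  ", demo(reset_password_hardened))
```

With the hardened handler the request matches no account at all, so the administrator password is untouched; the same holds for any other characters supplied in the parameter.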
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems.
The CVE initiative has assigned CVE Candidate t to this issue.
Symantec engineers have verified that this vulnerability exists in the product versions listed above, and have provided updates to resolve the issue.
Fixed builds for this issue can be downloaded from the locations listed in the table above. Select your supported version of Symantec SMS and use the login credentials that were provided by Enterprise Support to download the appropriate update. If you need additional assistance, please contact Enterprise Support.
Note: Supported products will be updated to address this vulnerability. If you are using a product version or maintenance release earlier than those listed in the table above, you will need to upgrade to the most currently supported version of your product.
To help reduce the risks associated with this vulnerability until you are able to apply the patches or updates, Symantec recommends the following:
Restrict access to the SMS console by using its internal network ACL. Then, specify the IP addresses of valid administrators so they will have access to the console.
Restrict access to the vulnerable SMS applet by using IIS' ACL.
Details on these mitigation steps are located in the same ftp location as the product builds.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends customers immediately apply the updates for their products to protect against possible attacks.
Symantec is not aware of any customers impacted by this vulnerability. On April 13, 2006, proof of concept code to exploit this issue was made available.
Symantec would like to thank Guillaume Goutaudier and Nicolas Gregoire at Exaprobe, SAS, France for reporting this issue and working with us on the resolution.
02/03/06 - added CVE identifier
02/07/06 - updated Credit section
02/09/06 - added Solaris build information
04/17/06 - added information on the availability of proof of concept code