Intrusion Prevention

Symantec.Sygate.Authentication.Servlet.SQL.Injection

Description

This indicates a possible attempt to exploit a SQL injection vulnerability in Symantec Sygate Management Server. The vulnerability is in the SMS Authentication Servlet component of the server. A remote attacker can modify query logic or launch other attacks by passing specially crafted input to the server in HTTP GET requests. As a result, the attacker may be able to overwrite the password of any account, including the administrator account.

Affected Products

Symantec Sygate Management Server Japanese Version 4.1 GA build 1258
Symantec Sygate Management Server English version 4.1 MR 2 build 1417
Symantec Sygate Management Server English version 4.0 MR 1 build 1104
Symantec Sygate Management Server English version 3.5 MR 3 build 894
Symantec Sygate Management Server Chinese Version 4.1 MR1 build 1351

Impact

System compromise, administrator access.

Recommended Actions

Upgrades are available from the vendor.
http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

CVE References

CVE-2006-0522