TITLE:
Symantec Sygate Management Server SQL Injection

SECUNIA ADVISORY ID:
SA18689

VERIFY ADVISORY:
http://secunia.com/advisories/18689/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Manipulation of data

WHERE:
>From local network

SOFTWARE:
Sygate Secure Enterprise 3.x
http://secunia.com/product/3772/
Sygate Secure Enterprise 4.x
http://secunia.com/product/7301/

DESCRIPTION:
A vulnerability has been reported in Sygate Management Server (SMS),
which can be exploited by malicious people to conduct SQL injection
attacks.

Input passed to the authentication servlet is not properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injection arbitrary SQL code.

Successful exploitation makes it possible to bypass the user
authentication by e.g. overwriting an administrative user's password
thereby gaining administrative privileges to the SMS server. This can
further be exploited to disable managed agents or propagate malicious
code to them.

The vulnerability has been reported in version 4.1, build 1417 and
prior.

SOLUTION:
Apply patches (see vendor advisory for patch information).

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Guillaume Goutaudier.

ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2006.02.01.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------