Symantec Corp. has fixed a high-risk security hole attackers could exploit in its Sygate Management Server (SMS) to gain remote, unauthorized server access and potentially launch other attacks.
According to Symantec, SMS "provides scalability, fault tolerance, load balancing and security policy replication." It is used to describe and report security policies that link users, connectivity technology, applications, and network communications. SMS may be used with Microsoft SQL Server or Oracle databases, Symantec added.
The Cupertino, Calif.-based AV giant e-mailed an alert to customers of its DeepSight Threat Management System Wednesday saying an attacker could modify the logic of SQL queries and that successful exploitation could result in unauthorized remote server access with administrative privileges. The vendor said other attacks may be possible as well.
"The vulnerability specifically affects the SMS Authentication Servlet component of the server," Symantec said. "A remote attacker can pass malicious input to database queries through HTTP GET requests, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation."
Attackers could then overwrite the password of any account on the server, Symantec said, adding that this can "facilitate a complete compromise if the attacker is able to overwrite the administrator password."
SMS versions 4.1 build 1417 and prior are affected. Symantec has released a bulletin outlining the fix.