Update Protection against Symantec IM Manager LoggedInUsers.lgx Definition File Multiple SQL Injections Vulnerability
| Check Point Reference: | CPAI-2010-434 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA41959 | |
| Industry Reference(s): | CVE-2010-0112 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Symantec IM Manager prior to 8.4.15 | ||
| Vulnerability Description An SQL injection vulnerability has been reported in Symantec IM Manager. Symantec IM Manager is a software-based proxy to secure, manage, and log IM messages for enterprise and public IM protocols. It provides real-time threat protection against IM viruses, worms, and other types of attacks delivered through IM messages. Successful exploitation of this vulnerability could result in disclosure of information, and modification or manipulation of the data in the underlying database. |
||
|
Update/Patch Available The vendor, Symantec, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to an insufficient input validation of the parameters loginTimeStamp, dbo, dateDiffParam and whereClause. A remote attacker may exploit this issue by embedding malicious SQL code as part of a vulnerable parameter. Successful exploitation of this vulnerability would result in disclosure of sensitive information, and modification or manipulation of the data in the underlying database. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.