Check Point Advisories

CA Total Defense Suite UNCWS Multiple Report Stored Procedure SQL Injections (CVE-2011-1653)

Vulnerability
Protection

Check Point Reference:	CPAI-2011-266
Date Published:	17 May 2011
Severity:	Critical
Last Updated:	Wednesday 05 December, 2018
Source:
Industry Reference:	CVE-2011-1653
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	CA Total Defense combines CA Anti-Virus, CA Anti-Spyware, CA Gateway Security and CA Host-Based Intrusion Prevention System. The unified network control (UNC) offers network access protection by validating endpoints requesting network access. Multiple SQL Injection vulnerabilities have been reported in CA Total Defense Suite. The vulnerabilities are due to insufficient validation of the requests' parameters. The affected stored procedures use parameter values in a dynamic SQL statement without any input validation. Any injected SQL commands will run with DBA privileges. Successful exploitation of these vulnerabilities would allow a remote attacker to execute arbitrary code on a target system with SYSTEM privileges by the means of SQL exec function.

Protection Overview

This protection will detect and block malformed requests made to the vulnerable system.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the CA Total Defense Suite UNCWS Multiple Report Stored Procedure SQL Injections protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Security Products Enforcement Violation.
Attack Information: CA Total Defense Suite UNCWS multiple report stored procedure SQL injections