Check Point Advisories

Novell ZENworks Patch Management Multiple SQL Injection Vulnerabilities (CVE-2005-3315)

Vulnerability
Protection

Check Point Reference:	CPAI-2005-321
Date Published:	30 Sep 2009
Severity:	High
Last Updated:	Wednesday 30 September, 2009
Source:
Industry Reference:	CVE-2005-3315
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	ZENworks is a resource management solution developed by Novell. The product provides system administrators with management capabilities of remote networked computers. The software suite is composed of several product components. Some of the available ZENworks product components are ZENworks Desktop Management, ZENworks Server Management, and ZENworks Patch Management. There are several user input validation vulnerabilities in the Novell ZENworks Patch Management product. After authentication, a malicious user can submit crafted HTTP request to the affected product to exploit the flaws. The attacker may inject and execute arbitrary SQL commands on the vulnerable host. The target behaviour is dependent on the nature and purpose of the injected SQL statements. The target may show no abnormal behaviour under attack.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Novell ZENworks Patch Management Multiple SQL Injection Vulnerabilities protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Application Servers Protection Violation.
Attack Information: Novell ZENworks Patch Management multiple SQL injection vulnerabilities