Symantec Web Gateway access_log PHP Injection

2012-06-11T00:00:00
ID SAINT:CA79171627977B6EB496110895555ECA
Type saint
Reporter SAINT Corporation
Modified 2012-06-11T00:00:00

Description

Added: 06/11/2012
CVE: CVE-2012-0297
BID: 53444
OSVDB: 82023

Background

Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web.

Problem

Symantec Web Gateway fails to properly sanitize user-supplied input passed to "/spywall/releasenotes.php" via the "relfile" parameter. This can be exploited to execute arbitrary PHP code.
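A log check a defender could run for this issue, as an added example that is not part of the SAINT advisory. It flags requests to the path named above whose "relfile" value is anything other than a bare file name. The combined log format, the rule that legitimate values are bare file names, and the sample lines (constructed) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/spywall/releasenotes.php"  # path named in the advisory
PARAM = "relfile"                           # parameter named in the advisory
# Assumption: a legitimate value is a bare file name with no directory part.
SAFE_VALUE = re.compile(r"^[A-Za-z0-9._-]+$")
# Request line of a combined-format log entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so double-encoded values are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_relfile(line):
    """Return decoded relfile values in one log line that are not bare file names."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Normalise encoded characters and repeated slashes before comparing paths.
    if re.sub(r"/+", "/", unquote(url.path)) != TARGET_PATH:
        return []
    values = [fully_decode(v) for v in parse_qs(url.query).get(PARAM, [])]
    # ".." passes the character class, so reject it explicitly.
    return [v for v in values if ".." in v or not SAFE_VALUE.match(v)]

def scan(lines):
    """Return (line_number, flagged_values) for every log line worth reviewing."""
    return [(n, hits) for n, line in enumerate(lines, 1)
            if (hits := suspicious_relfile(line))]

# Constructed sample entries (documentation addresses, hypothetical file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jun/2012:10:00:01 +0000] "GET /spywall/releasenotes.php?relfile=notes.txt HTTP/1.1" 200 5120',
    '192.0.2.44 - - [11/Jun/2012:10:00:07 +0000] "GET /spywall/releasenotes.php?relfile=../../example/path HTTP/1.1" 200 312',
    '192.0.2.44 - - [11/Jun/2012:10:00:09 +0000] "GET /spywall/releasenotes.php?relfile=%252e%252e%252fexample HTTP/1.1" 200 312',
    '192.0.2.10 - - [11/Jun/2012:10:00:12 +0000] "GET /spywall/login.php?relfile=../x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious {PARAM} value(s): {hits}")
```

Hits on a system still running a version below 5.0.3 warrant review of the requests and their source addresses.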

Resolution

Upgrade Symantec Web Gateway to version 5.0.3 or higher.

References

http://secunia.com/advisories/49216
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00

Limitations

This exploit has been tested against Symantec Web Gateway 5.0.0.216 and 5.0.2.8.

Platforms

Linux