search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Sungard eTRAKiT3 may be vulnerable to SQL injection

Vulnerability Note VU#846103

Original Release Date: 2016-12-06 | Last Revised: 2016-12-12

Overview

According to the reporter, the Sungard eTRAKiT3 software version 3.2.1.17 may be vulnerable to SQL injection which may allow a remote unauthenticated attacker to run a subset of SQL commands against the back-end database.

Description

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CVE-2016-6566

According to the reporter, the valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. According to the reporter, eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.

Impact

A remote unauthenticated attacker may be able to run a subset of SQL commands against the back-end database.

Solution

Apply a patch

Sungard has provided the following statement:

SunGard Public Sector appreciates that this issue has been brought to our attention.   Our development team has addressed this report with a patch release.  Please contact the SunGard Public Sector TRAKiT Solutions division to request the patch release.  (858) 451-3030.

However, affected users may also consider the following workaround:

Restrict access

As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent SQLi attacks since the attack comes as an SQL request from a legitimate user's host. Restricting access would prevent an attacker from accessing a web interface using stolen credentials from a blocked network location.

Vendor Information

846103
 
Affected   Unknown   Unaffected

Sungard

Notified:  October 21, 2016 Updated:  December 12, 2016

Statement Date:   December 09, 2016

Status

  Affected

Vendor Statement

SunGard Public Sector appreciates that this issue has been brought to our
attention.   Our development team has addressed this report with a patch
release.  Please contact the SunGard Public Sector TRAKiT Solutions division to
request the patch release.  (858) 451-3030.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal 8.0 E:POC/RL:U/RC:UR
Environmental 6 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Thanks to Illumant for reporting this vulnerability.

This document was written by Garret Wassermann.

Other Information

CVE IDs: CVE-2016-6566
Date Public: 2016-12-06
Date First Published: 2016-12-06
Date Last Updated: 2016-12-12 14:00 UTC
Document Revision: 33

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.