[原文]Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA.
Sygate Security Agent (SSA) is prone to a security vulnerability. The application fails to control which users may Export and Import security policy files.
A local attacker may export and edit an SSA XML security policy file, and may then import the changed file into the affected software. This may allow the attacker to change security settings in SSA, i.e. trusted IP address, or DNS names, or crash the software.
A local attacker may exploit this issue to bypass the SSA security restrictions.
This issue only exists when the software is running in SSA running in 'Server Control' or 'Power User' Modes.
No exploit is required.
Reports indicate that the vendor has released SSA3.5 build 2580, SSA4.0 build 2715, and SSA4.1 build 2827 to address this issue. This is not confirmed. Customers are advised to contact the vendor for information regarding obtaining and applying appropriate fixes.