|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA20856] CA Products Scan Job Description Format String Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Jun 28 2006 - 07:02:05 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want to join the Secunia Security Team?
Secunia offers a position as a security specialist, where your daily
work involves reverse engineering of software and exploit code,
auditing of source code, and analysis of vulnerability reports.
http://secunia.com/secunia_security_specialist/
----------------------------------------------------------------------
TITLE:
CA Products Scan Job Description Format String Vulnerability
SECUNIA ADVISORY ID:
SA20856
VERIFY ADVISORY:
http://secunia.com/advisories/20856/
CRITICAL:
Less critical
IMPACT:
DoS, System access
WHERE:
From local network
SOFTWARE:
CA eTrust PestPatrol Anti-Spyware Corporate Edition 8.x
http://secunia.com/product/10673/
CA Integrated Threat Management (ITM) 8.x
http://secunia.com/product/7112/
eTrust Antivirus 8.x
http://secunia.com/product/10672/
DESCRIPTION:
A vulnerability has been reported in some CA products, which can be
exploited by malicious users to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
The vulnerability is caused due to a format string error within the
handling of the description field of a scan job. This can be
exploited to cause the affect products to crash and may allow
arbitrary code execution via a specially crafted scan job description
that contains format string specifiers.
Successful exploitation requires that the user is able to create a
scan job.
The vulnerability has been reported in the following products:
* CA Integrated Threat Management r8
* eTrust Antivirus r8
* eTrust PestPatrol Anti-Spyware Corporate Edition r8
SOLUTION:
The vulnerability has been fixed in Content Update build 432 via the
content update mechanism.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Deral Heiland.
ORIGINAL ADVISORY:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325
http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]