
Computer Associates eTrust Intrusion Detection System Remote Denial of Service Vulnerability

eTrust Intrusion Detection System is reported prone to a remote denial of service vulnerability.

The vulnerability arises from improper use of the Microsoft Crypto API function 'CPImportKey'. eTrust Intrusion Detection System calls the Microsoft Crypto API functionality directly, without wrapper functions that validate user-supplied input, which leaves it susceptible to denial of service attacks.

A successful attack can crash the application by exhausting memory resources. This can facilitate further attacks against the network and raises the possibility of attacks going undetected.

eTrust Intrusion Detection System 3.0 and 3.0 SP1 are reported vulnerable.
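
The kind of validating wrapper the description above says is missing, shown as an added example (not code from this advisory or from the vendor). It assumes the untrusted input is an RSA PUBLICKEYBLOB in the documented CryptoAPI layout; the advisory does not say which blob type or field is involved, and the function name, sample data and size limits are illustrative.

```c
#include <stddef.h>
#include <stdint.h>

/* Documented CryptoAPI values for an RSA public key blob. */
#define PUBLICKEYBLOB    0x06
#define CUR_BLOB_VERSION 0x02
#define RSA1_MAGIC       0x31415352u  /* "RSA1" */
#define HDR_LEN          20u  /* BLOBHEADER (8) + RSAPUBKEY (12) */
/* Assumed policy limits, illustrative only (not from the advisory). */
#define MIN_RSA_BITS     512u
#define MAX_RSA_BITS     16384u

enum blob_status { BLOB_OK, BLOB_TRUNCATED, BLOB_BAD_HEADER,
                   BLOB_BAD_BITLEN, BLOB_LEN_MISMATCH };

/* Constructed sample: 512-bit key header followed by a zeroed modulus. */
uint8_t sample_blob[HDR_LEN + 64] = {
    0x06, 0x02, 0x00, 0x00, 0x00, 0xa4, 0x00, 0x00,  /* BLOBHEADER */
    0x52, 0x53, 0x41, 0x31, 0x00, 0x02, 0x00, 0x00,  /* magic, bitlen */
    0x01, 0x00, 0x01, 0x00 };                        /* pubexp 65537 */

/* Read a little-endian DWORD without assuming alignment. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical wrapper check: hand the blob to the key-import call only
 * when this returns BLOB_OK. */
enum blob_status validate_rsa_public_blob(const uint8_t *blob, size_t len)
{
    if (blob == NULL || len < HDR_LEN)
        return BLOB_TRUNCATED;
    /* BLOBHEADER: bType, bVersion, reserved WORD (aiKeyAlg not checked). */
    if (blob[0] != PUBLICKEYBLOB || blob[1] != CUR_BLOB_VERSION ||
        blob[2] != 0 || blob[3] != 0 || rd32(blob + 8) != RSA1_MAGIC)
        return BLOB_BAD_HEADER;
    /* RSAPUBKEY.bitlen comes from untrusted input: bound it before use. */
    uint32_t bitlen = rd32(blob + 12);
    if (bitlen < MIN_RSA_BITS || bitlen > MAX_RSA_BITS || bitlen % 8 != 0)
        return BLOB_BAD_BITLEN;
    /* Declared modulus size must equal the bytes actually received. */
    if ((size_t)(bitlen / 8) != len - HDR_LEN)
        return BLOB_LEN_MISMATCH;
    return BLOB_OK;
}

int main(void) { return validate_rsa_public_blob(sample_blob, sizeof sample_blob); }
```

Rejecting the blob before it reaches the cryptographic provider keeps a declared size that disagrees with the received data from driving any allocation.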







 

Copyright 2008, SecurityFocus