Back to list
[CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability
Feb 28 2007 06:08PM
Williams, James K (James Williams ca com)
Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service
CA Vuln ID (CAID): 35112
CA Advisory Date: 2007-02-27
Reported By: iDefense
Impact: Remote attackers can cause a denial of service condition.
Summary: CA eTrust Intrusion Detection contains a vulnerability that
can allow a remote attacker to cause a denial of service condition.
Mitigating Factors: None
Severity: CA has given this vulnerability a Medium risk rating.
eTrust Intrusion Detection 3.0 SP1
eTrust Intrusion Detection 3.0
eTrust Intrusion Detection 2.0 SP1
Status and Recommendation:
Customers with vulnerable versions of the eTrust Intrusion Detection
product should upgrade with the latest patches, which are available
for download from http://supportconnect.ca.com.
eTrust Intrusion Detection 3.0 SP1 - QO85469
eTrust Intrusion Detection 3.0 - QO85472
eTrust Intrusion Detection 2.0 SP1 - QO85488
How to determine if the installation is affected:
1. Locate the file SW3eng.exe with Windows Explorer. For 3.0 and 3.0
SP1, the file is located in the
"Program Files\CA\eTrust\Intrusion Detection\engine\" directory. For
2.0, the file is located in the
"Program Files\eTrust\Intrusion Detection\engine\" directory.
2. Right click SW3eng.exe and choose Properties
3. Select the Version tab
The installation is vulnerable if the version of SW3eng.exe is less
than the version indicated below:
eTrust Intrusion Detection 3.0 SP1 - SW3eng.exe 126.96.36.199
eTrust Intrusion Detection 3.0 - SW3eng.exe 3.0.2.07
eTrust Intrusion Detection 2.0 SP1 - SW3eng.exe 188.8.131.52
In the case where applying the patch is not feasible, ensure only
authorized hosts are permitted to connect to the Engine service port,
9191 by default, on the host running eTrust Intrusion Detection.
References (URLs may wrap):
CA SupportConnect Security Notice for this vulnerability:
Security Notice for eTrust Intrusion Detection
Solution Document Reference APARs:
QO85469, QO85472, QO85488
CA Security Advisor posting:
CA eTrust Intrusion Detection Denial of Service Vulnerability
CAID Advisory link:
Reported By: iDefense
iDefense advisory 02.27.07:
CVE Reference: CVE-2007-1005
OSVDB Reference: OSVDB ID: 32290
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please
send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability"
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, One CA Plaza, Islandia, NY 11749
Legal Notice http://www3.ca.com/legal/
Copyright (c) 2007 CA. All rights reserved.
[ reply ]
Copyright 2010, SecurityFocus