BugTraq
[CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability Feb 28 2007 06:08PM
Williams, James K (James Williams ca com)


Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability

CA Vuln ID (CAID): 35112

CA Advisory Date: 2007-02-27

Reported By: iDefense

Impact: Remote attackers can cause a denial of service condition.

Summary: CA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition.

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:

eTrust Intrusion Detection 3.0 SP1

eTrust Intrusion Detection 3.0

eTrust Intrusion Detection 2.0 SP1

Affected Platforms:

Windows

Status and Recommendation:

Customers with vulnerable versions of the eTrust Intrusion Detection product should upgrade with the latest patches, which are available for download from http://supportconnect.ca.com.

eTrust Intrusion Detection 3.0 SP1 - QO85469

eTrust Intrusion Detection 3.0 - QO85472

eTrust Intrusion Detection 2.0 SP1 - QO85488

How to determine if the installation is affected:

1. Locate the file SW3eng.exe with Windows Explorer. For 3.0 and 3.0 SP1, the file is located in the "Program Files\CA\eTrust\Intrusion Detection\engine\" directory. For 2.0, the file is located in the "Program Files\eTrust\Intrusion Detection\engine\" directory.

2. Right click SW3eng.exe and choose Properties.

3. Select the Version tab.

The installation is vulnerable if the version of SW3eng.exe is less than the version indicated below:

eTrust Intrusion Detection 3.0 SP1 - SW3eng.exe 3.0.5.80

eTrust Intrusion Detection 3.0 - SW3eng.exe 3.0.2.07

eTrust Intrusion Detection 2.0 SP1 - SW3eng.exe 2.0.0.41
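
The manual check above can be scripted. The following PowerShell is an added example, not part of the CA advisory: it takes the installed product line as a parameter, because 3.0 and 3.0 SP1 share an install directory, and it assumes the product may also be installed under "Program Files (x86)" on 64-bit Windows.

```powershell
# Added example (not CA-supplied): compare the installed SW3eng.exe with the
# fixed versions listed in this advisory.
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('3.0 SP1', '3.0', '2.0 SP1')]
    [string]$Product
)

# Fixed versions from the advisory. [version] compares each field as an
# integer, so '3.0.2.07' is read as 3.0.2.7 and 3.0.5.9 sorts below 3.0.5.80.
$fixed = @{
    '3.0 SP1' = [version]'3.0.5.80'
    '3.0'     = [version]'3.0.2.07'
    '2.0 SP1' = [version]'2.0.0.41'
}

# Engine directory per the advisory: 2.0 has no "CA" path component.
$relative = if ($Product -eq '2.0 SP1') {
    'eTrust\Intrusion Detection\engine\SW3eng.exe'
} else {
    'CA\eTrust\Intrusion Detection\engine\SW3eng.exe'
}

# Assumption: on 64-bit Windows the product may be under "Program Files (x86)".
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$found = $false
foreach ($root in $roots) {
    $path = Join-Path $root $relative
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $found = $true

    # Build the version from the numeric fields of the file's version
    # resource rather than parsing the display string.
    $vi = (Get-Item -LiteralPath $path).VersionInfo
    $installed = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
        $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)

    [pscustomobject]@{
        Path       = $path
        Installed  = $installed
        FixedIn    = $fixed[$Product]
        Vulnerable = $installed -lt $fixed[$Product]
    }
}
if (-not $found) { Write-Warning "SW3eng.exe not found for product $Product" }
```

A result with Vulnerable set to True corresponds to the "less than" condition in the advisory.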

Workaround:

In the case where applying the patch is not feasible, ensure only authorized hosts are permitted to connect to the Engine service port, 9191 by default, on the host running eTrust Intrusion Detection.

References (URLs may wrap):

CA SupportConnect:

http://supportconnect.ca.com/

CA SupportConnect Security Notice for this vulnerability:

Security Notice for eTrust Intrusion Detection

http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp

Solution Document Reference APARs:

QO85469, QO85472, QO85488

CA Security Advisor posting:

CA eTrust Intrusion Detection Denial of Service Vulnerability

http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=100784

CAID: 35112

CAID Advisory link:

http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35112

Reported By: iDefense

iDefense advisory 02.27.07:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484

CVE Reference: CVE-2007-1005

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1005

OSVDB Reference: OSVDB ID: 32290

http://osvdb.org/32290

Changelog for this advisory:

v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form.

URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,

Ken Williams ; 0xE2941985

Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/

Legal Notice http://www3.ca.com/legal/

Privacy Policy http://www3.ca.com/privacy/

Copyright (c) 2007 CA. All rights reserved.
