n.runs-SA-2007.024 - CA eTrust Antivirus Infinite Loop DoS (remote) Advisory Jul 25 2007 01:07PM
security nruns com
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2007.024 25-Jul-2007

Vendor: Computer Associates, http://www.ca.com
Affected Products: CA eTrust Antivirus,
Vulnerability: Infinite Loop DoS (remote)
Risk: HIGH


Vendor communication:

2007/05/09 Initial notification to CA
2007/05/11 CA Responses
2007/05/11 PGP keys exchange
2007/05/11 PoC files sent to CA
2007/05/15 CA ask for product and version used in the test
2007/05/15 Information requested sent to CA
2007/05/18 CA validates the vulnerabilities
2007/07/24 CA releases the Security Notice to the public
2007/07/25 n.runs AG releases a coordinated disclosure advisory


Founded in 1976, CA today is a global company with headquarters in the
United States and 150 offices in more than 45 countries. They serve more
than 99% of Fortune 1000R companies, as well as government entities,
educational institutions and thousands of other companies in diverse
industries worldwide.
eTrust is an Antivirus developed by Computer Associates.
Combined with CA Anti-Spyware for the Enterprise, CA Anti-Virus for the
Enterprise provides efficient, centrally-managed, multi-layered protection
against a broad range of malware threats.


A remotely exploitable vulnerability has been found in the file parsing

In detail, the following flaw was determined:

- Infinite Loop in .CHM files parsing


This problem can lead to remote engine denial-of-service if an attacker
carefully crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in CA eTrust Antivirus software previous to file
arclib.dll version


The vulnerability was reported on 09.May.2007 and an update has been issued
to solve this vulnerability through the regular update mechanism.
NOTE: Not all products are automatically updated; please refer to the
following link to validate:

Bugs found by Sergio Alvarez of n.runs AG.



This Advisory and Upcoming Advisories:

Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
security (at) nruns (dot) com [email concealed] for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded. In
no event shall n.runs be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of apply.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus