TITLE:
CA Products Scan Job Description Format String Vulnerability
SECUNIA ADVISORY ID:
SA20856
VERIFY ADVISORY:
http://secunia.com/advisories/20856/
CRITICAL:
Less critical
IMPACT:
DoS, System access
WHERE:
From local network
SOFTWARE:
CA eTrust PestPatrol Anti-Spyware Corporate Edition 8.x
http://secunia.com/product/10673/
CA Integrated Threat Management (ITM) 8.x
http://secunia.com/product/7112/
eTrust Antivirus 8.x
http://secunia.com/product/10672/
DESCRIPTION:
A vulnerability has been reported in some CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused by a format string error in the handling of the description field of a scan job. This can be exploited to cause the affected products to crash and may allow arbitrary code execution via a specially crafted scan job description that contains format string specifiers.
Successful exploitation requires that the user is able to create a scan job.
The vulnerability has been reported in the following products:
* CA Integrated Threat Management r8
* eTrust Antivirus r8
* eTrust PestPatrol Anti-Spyware Corporate Edition r8
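
The bug class described above, as an added illustration in C (not code from CA, Secunia or the affected products): the description is passed as data to a constant format string rather than used as the format itself, and a checker counts printf-style conversion specifiers in a stored description. The function names, the "scan job: " prefix and the sample descriptions are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define PREFIX "scan job: "   /* hypothetical log prefix */

/* Count printf-style conversions in untrusted text ("%%" is a literal).
 * Can be used to flag stored job descriptions for review. */
size_t count_format_specifiers(const char *s)
{
    size_t n = 0;
    while (*s) {
        if (*s++ != '%') continue;
        if (*s == '%') { s++; continue; }           /* escaped percent */
        s += strspn(s, "-+ #0");                    /* flags */
        s += strspn(s, "0123456789*$");             /* width / positional */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789*$"); /* precision */
        s += strspn(s, "hlLqjzt");                  /* length modifier */
        if (*s && strchr("diouxXeEfFgGaAcspn", *s)) { n++; s++; }
    }
    return n;
}

/* Vulnerable pattern, shown only as a comment:
 *     snprintf(out, outlen, desc);   <- desc is parsed as a format string
 * Hardened form: constant format, description passed as an argument. */
int render_job_line(char *out, size_t outlen, const char *desc)
{
    return snprintf(out, outlen, PREFIX "%s", desc);
}

/* Returns 1 when the hardened path reproduces desc byte for byte. */
int renders_verbatim(const char *desc)
{
    char buf[256];
    int len = render_job_line(buf, sizeof buf, desc);
    size_t plen = strlen(PREFIX);
    return len == (int)(plen + strlen(desc)) && strcmp(buf + plen, desc) == 0;
}

int main(void)
{
    /* Constructed sample descriptions, not taken from the advisory. */
    const char *samples[] = { "nightly scan", "100%% clean", "%08x.%08x", "50% done" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s specifiers=%zu verbatim=%d\n", samples[i],
               count_format_specifiers(samples[i]), renders_verbatim(samples[i]));
    return 0;
}
```

The checker reports "50% done" as containing one specifier because "% d" (space flag, then d) is a valid conversion, so innocent-looking text can also trigger the bug on an unpatched code path.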
SOLUTION:
The vulnerability has been fixed in Content Update build 432 via the content update mechanism.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Deral Heiland.
ORIGINAL ADVISORY:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325
http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp
============= PCWorks Mailing List =================