exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

LD-CAeTrust.txt

LD-CAeTrust.txt
Posted Jun 29, 2006
Authored by Deral Heiland | Site LayeredDefense.com

A format string vulnerability was discovered within etrust Antivirus 8.0. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker could create a scan job containing special crafted format strings that could potential lead to execution of arbitrary code, rights escalation and at a minimum denial of service.

tags | advisory, denial of service, arbitrary
SHA-256 | 904184d605233967c52fd67cc3154342d54a0fa06cabd165e584e86fee6cb3b3

LD-CAeTrust.txt

Change Mirror Download
=============================================================== 
Layered Defense Advisory 27 June 2006
===============================================================
1) Affected Software
Computer Associates: eTrust Antivirus 8.0
Computer Associates: eTrust PestPatrol 8.0
Computer Associates: Integrated Threat Management 8.0
===============================================================
2) Severity
Rating: Medium risk
Impact: Execution of arbitrary code, rights escalation and at a minimum, denial of service.
===============================================================
3) Description of Vulnerability
A format string vulnerability was discovered within etrust Antivirus 8.0. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker could create a scan job containing special crafted format strings that could potential lead to execution of arbitrary code, rights escalation and at a minimum denial of service.
Other effected software identified by vendor:
Computer Associates: eTrust PestPatrol 8.0
Computer Associates: Integrated Threat Management 8.0
===============================================================
4) Solution

This vulnerability is addressed by vendor in Content
Update build 432.
Client GUI Vulnerability Content Update - build 432
http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp
===============================================================
5) Time Table
05/04/2006 – Reported Vulnerability to Vendor.
06/27/2006 – Vulnerability fixed & public disclosure.
===============================================================
6) Credits
Discovered by Deral Heiland, www.LayeredDefense.com ===============================================================
7) References
CAID: 34325
CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325

CVE Reference:
CVE-2006-3223 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3223

OSVDB Reference:
OSVDB-26654 http://osvdb.org/26654
===============================================================
9) About Layered Defense
Layered Defense, Is a group of security professionals that work together on ethical Research, Testing and Training within the information security arena.
http://www.layereddefense.com
===============================================================

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close