CA eTrust Antivirus Format String Bug in Scan Job Description Field Lets Local Users Execute Arbitrary Code
SecurityTracker Alert ID: 1016391
SecurityTracker URL: http://securitytracker.com/id/1016391
CVE Reference: CVE-2006-3223
Updated: Jun 29 2006
Original Entry Date: Jun 27 2006
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): r8
Description:
A vulnerability was reported in Computer Associates eTrust Antivirus. A local user may be able to execute arbitrary code on the target system.
The description field of a scan job is not properly validated. A user who can create a scan job can supply a specially crafted description that contains format string specifiers. When the job is processed, the process may crash or execute arbitrary code.
CA Integrated Threat Management and eTrust PestPatrol are also affected.
The vendor was notified on May 4, 2006.
Deral Heiland of LayeredDefense.com discovered this vulnerability.
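The bug class described above, shown as an added example that is not CA's code and does not come from the advisory: `render_description` is a hypothetical stand-in for the product's formatting path, written in the hardened form with the vulnerable call kept as a comment, and `count_format_directives` is an assumed creation-time check. The sample descriptions are constructed.

```c
#include <stdio.h>
#include <string.h>

/* render_description() is a hypothetical stand-in for the code that formats
 * a scan job's description; the product's real function is not on this page.
 *
 * Vulnerable pattern (comment only, never compiled):
 *     snprintf(out, outlen, desc);      // untrusted text used as the format
 * Hardened form: constant format string, description passed as data. */
int render_description(char *out, size_t outlen, const char *desc)
{
    return snprintf(out, outlen, "Job description: %s", desc);
}

/* Defence in depth at job creation: count printf-style conversion
 * directives in untrusted text so the job can be rejected or flagged.
 * "%%" is a literal percent sign and is not counted. */
size_t count_format_directives(const char *s)
{
    size_t count = 0;
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                    /* step past '%' */
        if (*s == '%') { s++; continue; }       /* escaped percent */
        /* flags, width and positional index, accepted in any order */
        s += strspn(s, "-+ #0123456789*$");
        if (*s == '.')                          /* precision */
            s += 1 + strspn(s + 1, "0123456789*");
        s += strspn(s, "hlLqjzt");              /* length modifiers */
        if (*s != '\0' && strchr("diouxXeEfFgGaAcspn", *s)) {
            count++;
            s++;
        }
    }
    return count;
}

int main(void)
{
    /* Constructed sample descriptions, not taken from the advisory. */
    const char *samples[] = { "Nightly scan of C:\\", "100%% done", "%x.%08x.%n" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        render_description(line, sizeof line, samples[i]);
        printf("%-40s directives=%zu\n", line, count_format_directives(samples[i]));
    }
    return 0;
}
```

The directive counter over-approximates on purpose, so ordinary text such as "100% of files" is also flagged because "% o" is a valid conversion.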
Impact:
A local user may be able to execute arbitrary code on the target system.
Solution:
The vendor has issued a fix as part of Content Update build 432.
Vendor URL: www.ca.com/
Cause: Input validation error, State error
Underlying OS: Windows (Any)
Message History: None.
Source Message Contents
Date: Tue, 27 Jun 2006 15:18:52 -0400
Subject: [Full-disclosure] CAID 34325 - CA ITM, eAV,
Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format
string vulnerability
CA Vulnerability ID: 34325
CA Advisory Date: 2006-06-26
Discovered By: Deral Heiland (www.layereddefense.com)
Impact: Attackers can cause a denial of service condition or possibly
execute arbitrary code.
Summary: CA Integrated Threat Management, eTrust Antivirus, and eTrust
PestPatrol contain a vulnerability that can allow attackers to cause a
denial of service condition or possibly execute arbitrary code. The
vulnerability is due to improper processing of format strings in the
description field of a scan job. An attacker, who can create a scan job
containing format string directives, can potentially overwrite memory
to cause a crash or execute arbitrary code.
Mitigating Factors: None
Severity: CA has given this vulnerability a Medium risk rating.
Affected Products:
CA Integrated Threat Management r8
eTrust Antivirus r8
eTrust PestPatrol Anti-spyware Corporate Edition r8
Status and Recommendation: This vulnerability is addressed in Content
Update build 432. Use the content update mechanism to install this
update.
References: (URLs may wrap)
CA SupportConnect:
http://supportconnect.ca.com/
Client GUI Vulnerability Content Update - build 432
http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-content
update.asp
CAID: 34325
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325
CVE Reference:
CVE-2006-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3223
OSVDB Reference:
OSVDB-26654 http://osvdb.org/26654
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.
If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, One Computer Associates Plaza. Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2006 CA. All rights reserved.