lists.openwall.net - Open Source and information security mailing list archives
Date: Wed Jun 28 14:48:23 2006
From: dh at layereddefense.com (Deral Heiland)
Subject: Layered Defense Advisory: Format String Vuln in CA eTrust

===============================================================
Layered Defense Advisory 27 June 2006
===============================================================
1) Affected Software
Computer Associates: eTrust Antivirus 8.0
Computer Associates: eTrust PestPatrol 8.0
Computer Associates: Integrated Threat Management 8.0
===============================================================
2) Severity
Rating: Medium risk
Impact: Execution of arbitrary code, rights escalation and, at a minimum, denial of service.
===============================================================
3) Description of Vulnerability
A format string vulnerability was discovered within eTrust Antivirus 8.0. The vulnerability is due to improper processing of format strings within the scan job description field. An attacker able to create a scan job could supply a description containing specially crafted format strings, which could potentially lead to execution of arbitrary code, rights escalation and, at a minimum, denial of service.

Other affected software identified by the vendor:
Computer Associates: eTrust PestPatrol 8.0
Computer Associates: Integrated Threat Management 8.0
===============================================================
4) Solution
This vulnerability is addressed by the vendor in Content Update build 432.
Client GUI Vulnerability Content Update - build 432
http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp
===============================================================
5) Time Table
05/04/2006 - Reported vulnerability to vendor.
06/27/2006 - Vulnerability fixed & public disclosure.
===============================================================
6) Credits
Discovered by Deral Heiland, www.LayeredDefense.com
===============================================================
7) References
CAID: 34325
CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325
CVE Reference: CVE-2006-3223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3223
OSVDB Reference: OSVDB-26654
http://osvdb.org/26654
===============================================================
9) About Layered Defense
Layered Defense is a group of security professionals that work together on ethical research, testing and training within the information security arena.
http://www.layereddefense.com
===============================================================
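The bug class described in section 3, as an added example that is not part of the advisory and not CA's code. It assumes the scan job description reaches a printf-family call as the format argument (the advisory does not publish the actual call site, so write_log() below is a hypothetical stand-in). The block shows the vulnerable call beside the fixed one, and a directive scanner that a job-creation handler can run over any untrusted string that could reach a format parameter. The demo feeds only the harmless "%%" directive through the vulnerable path, which makes the interpretation difference observable without executing the undefined behaviour a real "%x %x %n" payload triggers; the attack string is only scanned, never rendered.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging helper standing in for whatever printf-family call
 * the description field reached in eTrust; the real call site is not
 * published in the advisory. */
static void write_log(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* VULNERABLE: the untrusted description is used as the format string, so
 * "%x" reads stack words and "%n" writes a byte count to an attacker-chosen
 * address. Only "%%" is ever passed here to stay within defined behaviour. */
const char *render_vuln(const char *desc) {
    static char buf[128];
    write_log(buf, sizeof buf, desc);
    return buf;
}

/* FIXED: a constant format string; the description is only ever data. */
const char *render_fixed(const char *desc) {
    static char buf[128];
    write_log(buf, sizeof buf, "%s", desc);
    return buf;
}

/* Scan an untrusted string for printf conversion directives. "%%" is a
 * literal percent sign and is not counted. Returns the directive count and,
 * through *writes, how many of them are "%n" (the memory-writing one). */
static int scan_directives(const char *s, int *writes) {
    int count = 0, w = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {              /* "%%" is a literal '%' */
            p++;
            continue;
        }
        count++;
        p++;
        /* skip flags, width, precision, positional "$" and length modifiers */
        while (*p && strchr("-+ #0123456789.*$hlLqjzt", *p))
            p++;
        if (*p == 'n')
            w++;
        if (!*p)
            break;                      /* string ended inside a directive */
    }
    if (writes)
        *writes = w;
    return count;
}

int count_directives(const char *s) { return scan_directives(s, NULL); }

int count_write_directives(const char *s) {
    int w;
    scan_directives(s, &w);
    return w;
}

/* Input-side check a job-creation handler can apply: reject descriptions
 * that carry any conversion directive or are over-long. This is defence in
 * depth only; the actual fix is the constant format string in render_fixed(). */
int accept_description(const char *desc) {
    return strlen(desc) < 64 && count_directives(desc) == 0;
}

int main(void) {
    /* constructed sample descriptions, not taken from any real scan job */
    const char *benign = "job 100%% done";
    const char *attack = "job %x %x %x %n";
    printf("vulnerable : %s\n", render_vuln(benign));
    printf("fixed      : %s\n", render_fixed(benign));
    printf("attack string: %d directives, %d of them %%n, accepted=%d\n",
           count_directives(attack), count_write_directives(attack),
           accept_description(attack));
    return 0;
}
```

The vulnerable path collapses "100%%" to "100%", proving the description is being parsed as a format; the fixed path prints it verbatim. Compilers flag the vulnerable pattern with -Wformat-security only when the format is passed straight to a known printf-family function, which is why wrappers like write_log() hide such bugs in real code bases and why the scanner above is worth running on inputs that end up in log messages.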