[<prev] [next>] [day] [month] [year] [list]
Message-ID: <649CDCB56C88AA458EFF2CBF494B620401643DB2@USILMS12.ca.com>
Date: Thu, 21 Sep 2006 11:20:19 -0400
From: "Williams, James K" <James.Williams@...com>
To: <full-disclosure@...ts.grok.org.uk>
Subject: [CAID 34616, 34617,
34618]: CA eSCC and eTrust Audit vulnerabilities
Title: CAID 34616, 34617, 34618: CA eTrust Security Command Center
and eTrust Audit vulnerabilities
CA Vulnerability ID (CAID): 34616, 34617, 34618
CA Advisory Date: 2006-09-20
Discovered By:
Patrick Webster of aushack.com
Impact: Remote attacker can read/delete files, or potentially
execute replay attacks.
Summary: CA eTrust Security Command Center (eSCC) and eTrust Audit
contain multiple remotely exploitable vulnerabilities.
o The first vulnerability allows attackers to discover the web
server path on Windows platforms. This vulnerability affects
eTrust Security Command Center Server component versions 1.0,
r8, r8 SP1 CR1, and r8 SP1 CR2.
o The second vulnerability allows attackers to read and delete
arbitrary files from the host server with permissions of the
service account. This vulnerability affects eTrust Security
Command Center Server component versions r8, r8 SP1 CR1, and
r8 SP1 CR2.
o The third vulnerability allows attackers to potentially execute
external replay attacks. To mitigate this vulnerability, users
should utilize perimeter firewalls to block access to the event
system. This vulnerability affects eTrust Security Command
Center Server component versions 1.0, r8, r8 SP1 CR1, and
r8 SP1 CR2, and eTrust Audit versions 1.5 and r8.
Mitigating Factors: Attacker must have valid authentication
credentials to read or delete files, as described in the second
vulnerability above.
Severity: CA has given this vulnerability a Medium risk rating.
Affected Products:
CA eTrust Security Command Center 1.0
CA eTrust Security Command Center r8
CA eTrust Security Command Center r8 SP1 CR1
CA eTrust Security Command Center r8 SP1 CR2
CA eTrust Audit 1.5
CA eTrust Audit r8
Affected platforms:
Microsoft Windows
Status and Recommendation:
Apply the appropriate patch to eTrust Security Command Center to
address the first and second vulnerabilities described above.
Patch URL (note that URL may wrap):
http://supportconnectw.ca.com/public/etrust/etrust_scc/downloads/etrusts
cc_updates.asp
For the third vulnerability, utilize perimeter firewalls to block
access to the event system.
Determining if you are affected:
Check the registry version key.
HKEY_LOCAL_MACHINE\SOFTWARE
\ComputerAssociates\eTrust Security Command Center
Look for Version key:
Version 1.0.15 (eTrust Security Command Center 1.0)
Version 8.0.11 (eTrust Security Command Center r8)
Version 8.0.25 (eTrust Security Command Center r8 SP1 CR1)
Version 8.0.25.8 (eTrust Security Command Center r8 SP1 CR2)
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for these vulnerabilities:
http://supportconnectw.ca.com/public/etrust/etrust_scc/infodocs/etrustsc
c_notice.asp
CAID: 34616, 34617, 34618
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618
Discoverer (Patrick Webster from aushack.com):
http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.tx
t
CVE References: CVE-2006-4899, CVE-2006-4900, CVE-2006-4901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4901
OSVDB References: OSVDB IDs: 29009, 29010, 29011
http://osvdb.org/29009
http://osvdb.org/29010
http://osvdb.org/29011
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln@...com, or contact me directly.
If you discover a vulnerability in CA products, please report
your findings to vuln@...com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, One Computer Associates Plaza. Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2006 CA. All rights reserved.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists