<<< Date Index >>>     <<< Thread Index >>>

[CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability



Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service
Vulnerability

CA Vuln ID (CAID): 35112

CA Advisory Date: 2007-02-27

Reported By: iDefense

Impact: Remote attackers can cause a denial of service condition.

Summary: CA eTrust Intrusion Detection contains a vulnerability that 
can allow a remote attacker to cause a denial of service condition. 

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
eTrust Intrusion Detection 3.0 SP1
eTrust Intrusion Detection 3.0
eTrust Intrusion Detection 2.0 SP1

Affected Platforms:
Windows

Status and Recommendation:
Customers with vulnerable versions of the eTrust Intrusion Detection
product should upgrade with the latest patches, which are available
for download from http://supportconnect.ca.com.

eTrust Intrusion Detection 3.0 SP1 - QO85469
eTrust Intrusion Detection 3.0 - QO85472
eTrust Intrusion Detection 2.0 SP1 - QO85488

How to determine if the installation is affected:
1. Locate the file SW3eng.exe with Windows Explorer. For 3.0 and 3.0
SP1, the file is located in the 
"Program Files\CA\eTrust\Intrusion Detection\engine\" directory. For
2.0, the file is located in the 
"Program Files\eTrust\Intrusion Detection\engine\" directory.
2. Right click SW3eng.exe and choose Properties 
3. Select the Version tab 

The installation is vulnerable if the version of SW3eng.exe is less 
than the version indicated below:
eTrust Intrusion Detection 3.0 SP1 - SW3eng.exe 3.0.5.80
eTrust Intrusion Detection 3.0  - SW3eng.exe 3.0.2.07
eTrust Intrusion Detection 2.0 SP1 - SW3eng.exe 2.0.0.41

Workaround:
In the case where applying the patch is not feasible, ensure only
authorized hosts are permitted to connect to the Engine service port,
9191 by default, on the host running eTrust Intrusion Detection.

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Security Notice for eTrust Intrusion Detection
http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp
Solution Document Reference APARs:
QO85469, QO85472, QO85488
CA Security Advisor posting:
CA eTrust Intrusion Detection Denial of Service Vulnerability
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=100784
CAID: 35112
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35112
Reported By: iDefense
iDefense advisory 02.27.07:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484
CVE Reference: CVE-2007-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1005
OSVDB Reference: OSVDB ID: 32290
http://osvdb.org/32290

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please
send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability"
form. 
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749
        
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.