CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability

2006-06-28T00:00:00
ID SECURITYVULNS:DOC:13350
Type securityvulns
Reporter Securityvulns
Modified 2006-06-28T00:00:00

Description

Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability

CA Vulnerability ID: 34325

CA Advisory Date: 2006-06-26

Discovered By: Deral Heiland (www.layereddefense.com)

Impact: Attackers can cause a denial of service condition or possibly execute arbitrary code.

Summary: CA Integrated Threat Management, eTrust Antivirus, and eTrust PestPatrol contain a vulnerability that can allow attackers to cause a denial of service condition or possibly execute arbitrary code. The vulnerability is due to improper processing of format strings in the description field of a scan job. An attacker, who can create a scan job containing format string directives, can potentially overwrite memory to cause a crash or execute arbitrary code.

Mitigating Factors: None

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products: CA Integrated Threat Management r8 eTrust Antivirus r8 eTrust PestPatrol Anti-spyware Corporate Edition r8

Status and Recommendation: This vulnerability is addressed in Content Update build 432. Use the content update mechanism to install this update.

References: (URLs may wrap)

CA SupportConnect: http://supportconnect.ca.com/

Client GUI Vulnerability Content Update - build 432 http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-content update.asp

CAID: 34325 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325

CVE Reference: CVE-2006-3223 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3223

OSVDB Reference: OSVDB-26654 http://osvdb.org/26654

Changelog for this advisory: v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research

CA, One Computer Associates Plaza. Islandia, NY 11749

Contact http://www3.ca.com/contact/ Legal Notice http://www3.ca.com/legal/ Privacy Policy http://www3.ca.com/privacy/ Copyright (c) 2006 CA. All rights reserved.