Thread-topic: [SA25202] CA Products Buffer Overflow and Privilege Escalation Vulnerabilities
>
> TITLE:
> CA Products Buffer Overflow and Privilege Escalation Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA25202
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/25202/
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> Privilege escalation, System access
>
> WHERE:
> From local network
>
> SOFTWARE:
> CA Anti-Spyware 8.x
> http://secunia.com/product/10673/
> CA Threat Manager 8.x
> http://secunia.com/product/7112/
> CA Anti-Virus for the Enterprise 8.x
> http://secunia.com/product/10672/
>
> http://secunia.com/product//
>
> DESCRIPTION:
> Two vulnerabilities have been reported in various CA products, which
> can be exploited by malicious users to gain escalated privileges and
> by malicious people to compromise a vulnerable system.
>
> 1) A boundary error within the inoweb service when processing Console
> Server login credentials can be exploited to cause a stack-based
> buffer overflow via sending a specially crafted packet with overly
> long username and password fields to port 12168/TCP.
>
> Successful exploitation allows execution of arbitrary code but
> requires an installation on the x86 platform with the Console Server
> installed.
>
> The vulnerability affects the following products:
> * CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
> * CA Threat Manager (formerly eTrust Integrated Threat Management) r8
> * CA Anti-Spyware (formerly eTrust PestPatrol) r8
> * CA Protection Suites r3
>
> 2) The problem is that the Task Service component (InoTask.exe) uses
> a shared file mapping with a NULL security descriptor. This can be
> exploited by malicious users to cause a stack-based buffer overflow
> within InoCore.dll by modifying a certain string within the file
> mapping.
>
> Successful exploitation allows execution of arbitrary code with
> SYSTEM privileges.
>
> The vulnerability affects the following products:
> * CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8
> * CA Threat Manager (formerly eTrust Integrated Threat Management) r8
>
> SOLUTION:
> Patches are available via automatic updates.
>
> PROVIDED AND/OR DISCOVERED BY:
> 1) Discovered by Tenable Network Security and reported via ZDI.
> 2) Discovered by binagres and reported via iDefense Labs.
>
> ORIGINAL ADVISORY:
> CA:
> http://supportconnectw.ca.com/public/antivirus/infodocs/caav-secnotice050807.asp
>
> ZDI:
> http://www.zerodayinitiative.com/advisories/ZDI-07-028.html
>
> iDefense Labs:
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=530
>
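
Both issues in the advisory quoted above involve an untrusted string (login fields in a packet, a string in a shared file mapping) overflowing a stack buffer. As an added example, not code from CA or from the advisory, here is a bounded copy that rejects overlong or unterminated input; the helper name, FIELD_MAX and the sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed capacity of the consumer's fixed-size buffer */

/* Hypothetical helper: copy a string field out of an untrusted region
 * (a received packet or a shared file mapping) into a private buffer.
 * Returns 0 on success, -1 if the field is unterminated within the
 * region or does not fit in dst. Never writes past dst[dst_size - 1]. */
int copy_untrusted_field(char *dst, size_t dst_size,
                         const volatile char *src, size_t src_avail)
{
    size_t i;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Read each source byte exactly once: another process may rewrite a
     * shared mapping between a length check and a later copy. */
    for (i = 0; i < src_avail && i < dst_size; i++) {
        char c = src[i];
        dst[i] = c;
        if (c == '\0')
            return 0;          /* terminated and fits */
    }
    dst[0] = '\0';             /* reject: too long or unterminated */
    return -1;
}

/* Constructed sample input: a short, terminated field is accepted. */
static int demo_ok(void)
{
    char region[128] = "scanjob-01";
    char name[FIELD_MAX];
    return copy_untrusted_field(name, sizeof name, region, sizeof region) == 0
           && strcmp(name, "scanjob-01") == 0;
}

/* Constructed sample input: 128 bytes with no terminator are rejected. */
static int demo_overlong(void)
{
    char region[128];
    char name[FIELD_MAX];
    memset(region, 'A', sizeof region);
    return copy_untrusted_field(name, sizeof name, region, sizeof region) == -1
           && name[0] == '\0';
}

int main(void) { return (demo_ok() && demo_overlong()) ? 0 : 1; }
```

For the shared-mapping case this check is defence in depth: callers should work only on the private copy and never re-read the mapping after validation.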