TITLE:
CA Products Scan Job Description Format String Vulnerability

SECUNIA ADVISORY ID:
SA20856

VERIFY ADVISORY:
http://secunia.com/advisories/20856/

CRITICAL:
Less critical

IMPACT:
DoS, System access

WHERE:
From local network

SOFTWARE:
CA eTrust PestPatrol Anti-Spyware Corporate Edition 8.x
http://secunia.com/product/10673/
CA Integrated Threat Management (ITM) 8.x
http://secunia.com/product/7112/
eTrust Antivirus 8.x
http://secunia.com/product/10672/

DESCRIPTION:
A vulnerability has been reported in some CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused by a format string error in the handling of the description field of a scan job. This can be exploited to cause the affected products to crash and may allow arbitrary code execution via a specially crafted scan job description that contains format string specifiers.

Successful exploitation requires that the user is able to create a scan job.

The vulnerability has been reported in the following products:
* CA Integrated Threat Management r8
* eTrust Antivirus r8
* eTrust PestPatrol Anti-Spyware Corporate Edition r8

SOLUTION:
The vulnerability has been fixed in Content Update build 432 via the content update mechanism.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Deral Heiland.

ORIGINAL ADVISORY:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325
http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp
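The bug class named in the DESCRIPTION, as an added illustration in C; this is not CA's code and not part of the original advisory. The struct scan_job record and both function names are hypothetical. The example shows the hardened way to format an untrusted description, plus a check that flags conversion specifiers in the field.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record; the field name is an assumption, not CA's data model. */
struct scan_job { const char *description; /* user-supplied, untrusted */ };

/* Vulnerable pattern, shown only as a comment:
 *     snprintf(out, outlen, job->description);
 * The untrusted text becomes the format string, so specifiers in it make
 * the formatter read (or, with %n, write) through arguments never passed. */

/* Hardened form: constant format string, the description is only data. */
int format_job_line(char *out, size_t outlen, const struct scan_job *job)
{
    int n = snprintf(out, outlen, "scan job: %s", job->description);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n; /* -1: error or truncation */
}

/* Detection / input validation: count conversion specifiers in a field.
 * "%%" is a literal percent sign and is not counted. */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;                 /* skip the escaped percent */
        else if (s[1] != '\0')
            count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample descriptions. */
    const struct scan_job jobs[] = {
        { "Nightly scan of shared drive" },
        { "100%% coverage run" },
        { "%s%x%n" },
    };
    char line[128];
    for (size_t i = 0; i < sizeof jobs / sizeof jobs[0]; i++) {
        if (format_job_line(line, sizeof line, &jobs[i]) >= 0)
            printf("%s  [specifiers: %d]\n", line,
                   count_format_specifiers(jobs[i].description));
    }
    return 0;
}
```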
