CA eTrust Intrusion Detection System Key Exchange Remote Denial of Service Vulnerability
BID:22743
Info
| Bugtraq ID: | 22743 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-1005 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 27 2007 12:00AM |
| Updated: | Feb 28 2007 10:26PM |
| Credit: | Discovery is credited to an anonymous researcher. |
| Vulnerable: | Computer Associates eTrust Intrusion Detection 3.0 SP 1; Computer Associates eTrust Intrusion Detection 3.0; Computer Associates eTrust Intrusion Detection 2.0.0 SP1 |
| Not Vulnerable: | |
Discussion
Computer Associates eTrust Intrusion Detection System is prone to a remote denial-of-service vulnerability.
This issue arises because the application fails to perform sufficient boundary checks when handling user-supplied data.
A successful attack can crash the administration service, denying further service to legitimate users.
eTrust Intrusion Detection System 2.0, 3.0 and 3.0 SP1 are vulnerable.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
The vendor has released patches to address this issue. Please see the references for more information.
- Computer Associates eTrust Intrusion Detection 2.0.0 SP1: Computer Associates QO85488, http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85488
- Computer Associates eTrust Intrusion Detection 3.0 SP 1: Computer Associates QO85469, http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85469
- Computer Associates eTrust Intrusion Detection 3.0: Computer Associates QO85472, http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO85472
References
References:
- CA eTrust Intrusion Detection Denial of Service Vulnerability (Williams, James K)
- eTrust Intrusion Detection Product Home Page (Computer Associates)
- iDefense Security Advisory 02.27.07: Computer Associates eTrust Intrusion Detec (iDefense Labs)