SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Security)  >   eTrust Security Command Center Vendors:   CA
CA eTrust Security Command Center Lets Remote Authenticated Users Read/Delete Files and Lets Remote Users Conduct Replay Attacks
SecurityTracker Alert ID:  1016910
SecurityTracker URL:  http://securitytracker.com/id/1016910
CVE Reference:   CVE-2006-4899, CVE-2006-4900, CVE-2006-4901   (Links to External Site)
Date:  Sep 22 2006
Impact:   Disclosure of system information, Disclosure of user information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0, r8, r8 SP1 CR1, r8 SP1 CR2
Description:   A vulnerability was reported in eTrust Security Command Center. A remote authenticated user can view or delete files on the target system. A remote user can conduct replay attacks. A remote user can view the installation path.

A remote user can supply a specially crafted request to determine the web server path. eTrust Security Command Center Server component versions 1.0, r8, r8 SP1 CR1, and r8 SP1 CR2 are affected.

A remote authenticated user can also supply a specially crafted request to read or delete arbitrary files on the target system with the privileges of the service account. eTrust Security Command Center Server component versions r8, r8 SP1 CR1, and r8 SP1 CR2 are affected.

A remote user may be able to execute external replay attacks. eTrust Security Command Center Server component versions 1.0, r8, r8 SP1 CR1, and r8 SP1 CR2 are affected.

Patrick Webster of aushack.com discovered these vulnerabilities.

Impact:   A remote authenticated user can read or delete files on the target system with the privileges of the service account.

A remote user can determine the installation path.

A remote user can conduct replay attacks.

Solution:   The vendor has issued a patch for the path disclosure and file read/delete vulnerabilities, available at:

http://supportconnectw.ca.com/public/etrust/etrust_scc/downloads/etrustscc_updates.asp

No fix is available for the replay vulnerability. The vendor recommends using perimeter firewalls to mitigate the replay vulnerability.

The CA advisory is available at:

http://supportconnectw.ca.com/public/etrust/etrust_scc/infodocs/etrustscc_notice.asp

Vendor URL:  supportconnectw.ca.com/public/etrust/etrust_scc/infodocs/etrustscc_notice.asp (Links to External Site)
Cause:   Access control error, Authentication error, Input validation error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Thu, 21 Sep 2006 11:15:57 -0400
Subject:  [CAID 34616, 34617, 34618]: CA eSCC and eTrust Audit vulnerabilities


Title: CAID 34616, 34617, 34618: CA eTrust Security Command Center 
and eTrust Audit vulnerabilities

CA Vulnerability ID (CAID): 34616, 34617, 34618

CA Advisory Date: 2006-09-20

Discovered By: 
Patrick Webster of aushack.com

Impact: Remote attacker can read/delete files, or potentially 
execute replay attacks.

Summary: CA eTrust Security Command Center (eSCC) and eTrust Audit 
contain multiple remotely exploitable vulnerabilities.
o The first vulnerability allows attackers to discover the web 
  server path on Windows platforms.  This vulnerability affects 
  eTrust Security Command Center Server component versions 1.0, 
  r8, r8 SP1 CR1, and r8 SP1 CR2.
o The second vulnerability allows attackers to read and delete 
  arbitrary files from the host server with permissions of the 
  service account. This vulnerability affects eTrust Security 
  Command Center Server component versions r8, r8 SP1 CR1, and 
  r8 SP1 CR2.
o The third vulnerability allows attackers to potentially execute 
  external replay attacks. To mitigate this vulnerability, users 
  should utilize perimeter firewalls to block access to the event 
  system. This vulnerability affects eTrust Security Command 
  Center Server component versions 1.0, r8, r8 SP1 CR1, and 
  r8 SP1 CR2, and eTrust Audit versions 1.5 and r8.

Mitigating Factors: Attacker must have valid authentication 
credentials to read or delete files, as described in the second 
vulnerability above.

Severity: CA has given this vulnerability a Medium risk rating.

Affected Products:
CA eTrust Security Command Center 1.0
CA eTrust Security Command Center r8
CA eTrust Security Command Center r8 SP1 CR1
CA eTrust Security Command Center r8 SP1 CR2
CA eTrust Audit 1.5
CA eTrust Audit r8 

Affected platforms:
Microsoft Windows

Status and Recommendation: 
Apply the appropriate patch to eTrust Security Command Center to 
address the first and second vulnerabilities described above. 
Patch URL (note that URL may wrap): 
http://supportconnectw.ca.com/public/etrust/etrust_scc/downloads/etrusts
cc_updates.asp
For the third vulnerability, utilize perimeter firewalls to block 
access to the event system.

Determining if you are affected:
Check the registry version key.
HKEY_LOCAL_MACHINE\SOFTWARE
\ComputerAssociates\eTrust Security Command Center
Look for Version key:
Version 1.0.15 (eTrust Security Command Center 1.0)
Version 8.0.11 (eTrust Security Command Center r8)
Version 8.0.25 (eTrust Security Command Center r8 SP1 CR1)
Version 8.0.25.8 (eTrust Security Command Center r8 SP1 CR2)

References (URLs may wrap): 
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for these vulnerabilities:
http://supportconnectw.ca.com/public/etrust/etrust_scc/infodocs/etrustsc
c_notice.asp
CAID: 34616, 34617, 34618
CAID Advisory link: 
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618
Discoverer (Patrick Webster from aushack.com): 
http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.tx
t
CVE References: CVE-2006-4899, CVE-2006-4900, CVE-2006-4901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4901
OSVDB References: OSVDB IDs: 29009, 29010, 29011
http://osvdb.org/29009
http://osvdb.org/29010
http://osvdb.org/29011

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA 
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a 
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One Computer Associates Plaza. Islandia, NY 11749
	
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2006 CA. All rights reserved.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC