CA eTrust Antivirus Format String Bug in Scan Job Description Field Lets Local Users Execute Arbitrary Code
SecurityTracker Alert ID: 1016391|
SecurityTracker URL: http://securitytracker.com/id/1016391
(Links to External Site)
Updated: Jun 29 2006|
Original Entry Date: Jun 27 2006
Execution of arbitrary code via local system, User access via local system|
Fix Available: Yes Vendor Confirmed: Yes |
A vulnerability was reported in Computer Associates eTrust Antivirus. A local user may be able to execute arbitrary code on the target system.|
The description field of a scan job is not properly validated. A user that can create a scan job can create a specially crafted scan job description that contains format string specifiers. Then, when the job is processed, the process may crash or execute arbitrary code.
CA Integrated Threat Management and eTrust PestPatrol are also affected.
The vendor was notified on May 4, 2006.
Deral Heiland of LayeredDefense.com discovered this vulnerability.
A local user may be able to execute arbitrary code on the target system.|
The vendor has issued a fix as part of Content Update build 432.|
Vendor URL: www.ca.com/ (Links to External Site)
Input validation error, State error|
|Underlying OS: Windows (Any)|
Source Message Contents
Subject: [Full-disclosure] CAID 34325 - CA ITM, eAV,|
Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format
CA Vulnerability ID: 34325
CA Advisory Date: 2006-06-26
Discovered By: Deral Heiland (www.layereddefense.com)
Impact: Attackers can cause a denial of service condition or possibly
execute arbitrary code.
Summary: CA Integrated Threat Management, eTrust Antivirus, and eTrust
PestPatrol contain a vulnerability that can allow attackers to cause a
denial of service condition or possibly execute arbitrary code. The
vulnerability is due to improper processing of format strings in the
description field of a scan job. An attacker, who can create a scan job
containing format string directives, can potentially overwrite memory
to cause a crash or execute arbitrary code.
Mitigating Factors: None
Severity: CA has given this vulnerability a Medium risk rating.
CA Integrated Threat Management r8
eTrust Antivirus r8
eTrust PestPatrol Anti-spyware Corporate Edition r8
Status and Recommendation: This vulnerability is addressed in Content
Update build 432. Use the content update mechanism to install this
References: (URLs may wrap)
Client GUI Vulnerability Content Update - build 432
CAID Advisory link:
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to firstname.lastname@example.org, or contact me directly.
If you discover a vulnerability in CA products, please report
your findings to email@example.com, or utilize our "Submit a
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, One Computer Associates Plaza. Islandia, NY 11749
Legal Notice http://www3.ca.com/legal/
Copyright (c) 2006 CA. All rights reserved.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/