CA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition. Affected Products include eTrust Intrusion Detection 3.0 SP1, eTrust Intrusion Detection 3.0, and eTrust Intrusion Detection 2.0 SP1.
c4aff44d742dff175c969692af2d23c9c6f951c0f4edf0ab1e710a1fed11ce69
Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service
Vulnerability
CA Vuln ID (CAID): 35112
CA Advisory Date: 2007-02-27
Reported By: iDefense
Impact: Remote attackers can cause a denial of service condition.
Summary: CA eTrust Intrusion Detection contains a vulnerability that
can allow a remote attacker to cause a denial of service condition.
Mitigating Factors: None
Severity: CA has given this vulnerability a Medium risk rating.
Affected Products:
eTrust Intrusion Detection 3.0 SP1
eTrust Intrusion Detection 3.0
eTrust Intrusion Detection 2.0 SP1
Affected Platforms:
Windows
Status and Recommendation:
Customers with vulnerable versions of the eTrust Intrusion Detection
product should upgrade with the latest patches, which are available
for download from http://supportconnect.ca.com.
eTrust Intrusion Detection 3.0 SP1 - QO85469
eTrust Intrusion Detection 3.0 - QO85472
eTrust Intrusion Detection 2.0 SP1 - QO85488
How to determine if the installation is affected:
1. Locate the file SW3eng.exe with Windows Explorer. For 3.0 and 3.0
SP1, the file is located in the
"Program Files\CA\eTrust\Intrusion Detection\engine\" directory. For
2.0, the file is located in the
"Program Files\eTrust\Intrusion Detection\engine\" directory.
2. Right click SW3eng.exe and choose Properties
3. Select the Version tab
The installation is vulnerable if the version of SW3eng.exe is less
than the version indicated below:
eTrust Intrusion Detection 3.0 SP1 - SW3eng.exe 3.0.5.80
eTrust Intrusion Detection 3.0 - SW3eng.exe 3.0.2.07
eTrust Intrusion Detection 2.0 SP1 - SW3eng.exe 2.0.0.41
Workaround:
In the case where applying the patch is not feasible, ensure only
authorized hosts are permitted to connect to the Engine service port,
9191 by default, on the host running eTrust Intrusion Detection.
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Security Notice for eTrust Intrusion Detection
http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp
Solution Document Reference APARs:
QO85469, QO85472, QO85488
CA Security Advisor posting:
CA eTrust Intrusion Detection Denial of Service Vulnerability
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=100784
CAID: 35112
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35112
Reported By: iDefense
iDefense advisory 02.27.07:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484
CVE Reference: CVE-2007-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1005
OSVDB Reference: OSVDB ID: 32290
http://osvdb.org/32290
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory, please
send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability"
form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, One CA Plaza, Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.