35244 : CA Anti-Virus Engine CAB Archive Filename Parsing Overflow
Printer | http://osvdb.org/35244 | Email This | Edit Vulnerability

Views This Week

Views All Time

497

Info

Last Modified

10 months ago

Percent Complete

90%

Disclosure

Jun 05, 2007

Discovery

Nov 08, 2006

Dates

Exploit

Unknown

Solution

Unknown

Description

A buffer overflow exists in multiple CA products. The Anti-Virus engine fails to validate CAB archive files resulting in a stack overflow. With a specially crafted CAB containing a file with a long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA	Anti-Virus	2007 (v8)
	eTrust EZ Antivirus	r7
	eTrust EZ Antivirus	R6.1
	BrightStor ARCserve Backup	r11.5
		r11.1
		r11 for Windows
		r10.5
		v9.01
	Internet Security Suite	2007 (v3)
	Anti-Virus for the Enterprise	R8
	Anti-Virus for the Enterprise	R8.1
	eTrust Internet Security Suite	R1
	eTrust Internet Security Suite	r2
	eTrust EZ Armor	R1
		r2
		r3.x
	Threat Manager for the Enterprise	R8
	Protection Suites	r2
	Protection Suites	R3
	Secure Content Manager	8.0
	Anti-Virus Gateway	7.1
	Unicenter Network and Systems Management	r3.0
		r3.1
		r11
		r11.1
	Common Services	Unknown or Unspecified
	Anti-Virus SDK	Unknown or Unspecified

References

Security Tracker: 1018199
CVE ID: 2007-2863 (see also: NVD)
Bugtraq ID: 24331
Secunia Advisory ID: 25570
ISS X-Force ID: 34741
Related OSVDB ID: 35245
CERT VU: 739409
FrSIRT Advisory: ADV-2007-2072
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0062.html
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0148.html
Vendor Specific Advisory URL: http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotic ......
Vendor Specific News/Changelog Entry: http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotic ......
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-034.html

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

CA

Anti-Virus

eTrust EZ Antivirus

BrightStor ARCserve Backup

Internet Security Suite

Anti-Virus for the Enterprise

eTrust Internet Security Suite

eTrust EZ Armor

Threat Manager for the Enterprise

Protection Suites

Secure Content Manager

Anti-Virus Gateway

Unicenter Network and Systems Management

Common Services

Anti-Virus SDK

References

Credit

Blogs

Comments