Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA25570] CA Anti-Virus Engine CAB Archive Processing Buffer Overflows



> ----------------------------------------------------------------------
> 
> TITLE:
> CA Anti-Virus Engine CAB Archive Processing Buffer Overflows
> 
> SECUNIA ADVISORY ID:
> SA25570
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/25570/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> BrightStor ARCserve Backup 11.x
> http://secunia.com/product/312/
> eTrust Secure Content Manager (SCM)
> http://secunia.com/product/3391/
> eTrust Internet Security Suite 2.x
> http://secunia.com/product/14436/
> eTrust Internet Security Suite 1.x
> http://secunia.com/product/14435/
> eTrust EZ Armor 2.x
> http://secunia.com/product/4092/
> eTrust EZ Antivirus 7.x
> http://secunia.com/product/4338/
> eTrust EZ Antivirus 6.x
> http://secunia.com/product/4091/
> CA Unicenter Network and Systems Management (NSM) 3.x
> http://secunia.com/product/1683/
> CA Unicenter Network and Systems Management (NSM) 11.x
> http://secunia.com/product/14437/
> CA Threat Manager 8.x
> http://secunia.com/product/7112/
> CA Server Protection Suite r2
> http://secunia.com/product/6873/
> CA Internet Security Suite 2007 (3.x)
> http://secunia.com/product/14434/
> CA Desktop Protection Suite r2
> http://secunia.com/product/6872/
> CA Common Services 3.x
> http://secunia.com/product/3249/
> CA Anti-Virus for the Enterprise 8.x
> http://secunia.com/product/10672/
> CA Anti-Virus 2007 (8.x)
> http://secunia.com/product/14433/
> BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
> http://secunia.com/product/8144/
> BrightStor ARCserve Backup 11.x (for Oracle)
> http://secunia.com/product/8147/
> BrightStor ARCserve Backup 11.x (for Open Files)
> http://secunia.com/product/8250/
> BrightStor ARCserve Backup 11.x (for Windows)
> http://secunia.com/product/3099/
> BrightStor ARCserve Backup 9.x
> http://secunia.com/product/313/
> BrightStor Enterprise Backup 10.x
> http://secunia.com/product/314/
> 
> DESCRIPTION:
> Two vulnerabilities have been reported in the CA Anti-Virus engine,
> which can be exploited by malicious people to compromise a vulnerable
> system.
> 
> 1) A boundary error in vete.dll when processing CAB archives can be
> exploited to cause a stack-based buffer overflow via a specially
> crafted CAB archive containing overly long filenames.
> 
> 2) An input validation error when processing the "coffFiles" field in
> CAB archives can be exploited to cause a stack-based buffer overflow.
> 
> Successful exploitation of the vulnerabilities allows execution of
> arbitrary code.
> 
> The vulnerabilities are reported in the following products:
> * CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8,
> r8.1
> * CA Anti-Virus 2007 (v8)
> * eTrust EZ Antivirus r7, r6.1
> * CA Internet Security Suite 2007 (v3)
> * eTrust Internet Security Suite r1, r2
> * eTrust EZ Armor r1, r2, r3.x
> * CA Threat Manager for the Enterprise (formerly eTrust Integrated
> Threat Management) r8
> * CA Protection Suites r2, r3
> * CA Secure Content Manager (formerly eTrust Secure Content Manager)
> 8.0
> * CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus
> Gateway) 7.1
> * Unicenter Network and Systems Management (NSM) r3.0
> * Unicenter Network and Systems Management (NSM) r3.1
> * Unicenter Network and Systems Management (NSM) r11
> * Unicenter Network and Systems Management (NSM) r11.1
> * BrightStor ARCserve Backup r11.5
> * BrightStor ARCserve Backup r11.1
> * BrightStor ARCserve Backup r11 for Windows
> * BrightStor Enterprise Backup r10.5
> * BrightStor ARCserve Backup v9.01
> * CA Common Services
> * CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)
> 
> SOLUTION:
> Content update 30.6 has been issued to address the vulnerabilities
> (please see the vendor's advisory for details).
> 
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by an anonymous researcher and reported via ZDI.
> 
> ORIGINAL ADVISORY:
> CA:
> http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
> 
> ZDI:
> http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
> http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
> 
> 
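The two issues in the advisory (overly long CAB filenames and an unvalidated "coffFiles" field) belong to a bug class that a bounds-checked parser rejects before any copy takes place. The sketch below is an added example, not code from CA, Secunia or ZDI: the field offsets follow the published CAB header layout, while `NAME_LIMIT`, the 64-byte name buffer and the constructed sample built in `demo()` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN    36u   /* fixed CFHEADER size in the published CAB layout */
#define CFFILE_FIX 16u   /* fixed CFFILE fields that precede szName */
#define NAME_LIMIT 256u  /* assumed local cap on szName, NUL included */

enum cab_status { CAB_OK, CAB_TRUNCATED, CAB_BAD_MAGIC, CAB_BAD_COFFFILES, CAB_NAME_TOO_LONG };
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk every CFFILE entry without trusting any length or offset in the file. */
enum cab_status cab_check(const uint8_t *buf, size_t len, char *name, size_t namesz) {
    if (len < HDR_LEN) return CAB_TRUNCATED;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_MAGIC;
    uint32_t coff = rd32(buf + 16);                      /* coffFiles */
    unsigned nfiles = buf[28] | (unsigned)buf[29] << 8;  /* cFiles */
    if (coff < HDR_LEN || coff > len) return CAB_BAD_COFFFILES;
    size_t pos = coff;
    for (unsigned i = 0; i < nfiles; i++) {
        if (len - pos < CFFILE_FIX) return CAB_TRUNCATED;
        pos += CFFILE_FIX;
        size_t room = len - pos, cap = room < NAME_LIMIT ? room : NAME_LIMIT;
        const uint8_t *nul = memchr(buf + pos, 0, cap);  /* bounded search for the terminator */
        if (!nul) return room < NAME_LIMIT ? CAB_TRUNCATED : CAB_NAME_TOO_LONG;
        size_t n = (size_t)(nul - (buf + pos)) + 1;      /* name length with NUL */
        if (n > namesz) return CAB_NAME_TOO_LONG;        /* never overrun the caller's buffer */
        memcpy(name, buf + pos, n);
        pos += n;
    }
    return CAB_OK;
}

/* Constructed sample: one-file cabinet with a chosen coffFiles and name length. */
enum cab_status demo(uint32_t coff, size_t name_len) {
    uint8_t cab[1024] = "MSCF";                          /* remaining bytes are zero */
    char name[64];                                       /* small fixed destination buffer */
    for (int i = 0; i < 4; i++) cab[16 + i] = (uint8_t)(coff >> (8 * i));
    cab[28] = 1;                                         /* cFiles = 1 */
    memset(cab + HDR_LEN + CFFILE_FIX, 'A', name_len);   /* szName filler */
    return cab_check(cab, sizeof cab, name, sizeof name);
}

int main(void) {
    printf("%d %d %d\n", demo(36, 8), demo(0xFFFFFFF0u, 8), demo(36, 400));
    return 0;
}
```

Both rejection paths return a status before `memcpy` runs, so an out-of-range offset or an unterminated name never reaches the fixed-size buffer.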



 



