Info

Disclosure

Sep 20, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

There is an API function to create your own alerts: eTSAPISend.exe. The service does not use any authentication, so the attacker may script the binary to send thousands of false-positive alerts to the Security Command Center, diverting attention and resources from real threats.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified, Coordinated Disclosure
OSVDB: Security Software

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Use a perimeter firewall to block access to the Event system.

Products

Computer Associates	eTrust Security Command Center	1.0
		r8
		r8 SP1 CR1
		r8 SP1 CR2
	eTrust Audit	1.5
		r8

References

CVE ID: 2006-4901 (see also: NVD)
Secunia Advisory ID: 22023 22073
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0357.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-09/0387.html
Other Advisory URL: http://www.aushack.com/200608-computerassociates.txt
http://www.osisecurity.com.au/advisories/computer-associates-etrust-security-command-center-multiple-vulnerabilities
Vendor URL: http://www.ca.com/
Vendor Specific Advisory URL: http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744&pid=93243&date=2006/9 [ Link is 404 ]

Credit

Patrick Webster - patrickaushack.com - aushack

Direct URL: http://osvdb.org/29011

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Computer Associates

eTrust Security Command Center

eTrust Audit

References

Credit