OSVDB ID: 35245

Title: CA Anti-Virus Engine CAB Header Parsing Overflow

Dates

Disclosure: Jun 05, 2007
Discovery: Nov 08, 2006
Exploit: Jun 05, 2007
Solution: Jun 05, 2007

Description

A buffer overflow exists in multiple CA products. The Anti-Virus engine fails to validate CAB files, resulting in a stack overflow. With a specially crafted CAB file containing a malformed "coffFiles" field, a remote attacker can execute arbitrary code, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Private, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA

Anti-Virus for the Enterprise

r8
R8.1

Anti-Virus

2007 (v8)

eTrust EZ Antivirus

r7
R6.1

Internet Security Suite

2007 (v3)

eTrust Internet Security Suite

R1
r2

eTrust EZ Armor

R1
r2
r3.x

Threat Manager for the Enterprise

r8

Protection Suites

r2
R3

Secure Content Manager

8.0

Anti-Virus Gateway

7.1

Unicenter Network and Systems Management

r3.0
r3.1
r11
r11.1

BrightStor ARCserve Backup

r11.5
r11.1
r11 for Windows
r10.5
v9.01

Common Services

Unknown or Unspecified

Anti-Virus SDK

Unknown or Unspecified

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/35245