Security Bytes

May 10 2007   7:26AM GMT

CA patches security flaws

Leigha Cardwell

Those who use CA’s security products should be aware that the vendor has just fixed some critical flaws attackers could exploit to cause a denial of service or hijack a targeted machine.

Here are the details as told by the French Security Incident Response Team (FrSIRT):

“Two vulnerabilities have been identified in CA Anti-Virus, CA Anti-Spyware and CA Threat Manager, which could be exploited by attackers or malware to cause a denial of service or take complete control of an affected system. The first issue is caused by a stack overflow error in the Console Server when processing malformed login credentials sent to port 12168/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with elevated privileges. The second vulnerability is caused by a stack overflow error in ‘InoCore.dll’ when handling file mapping contents, which could be exploited by local attackers to gain elevated privileges.”

The problems affect CA Anti-Virus for the Enterprise (eTrust Antivirus) r8, CA Threat Manager (eTrust Integrated Threat Management) r8 and CA Anti-Spyware (eTrust PestPatrol) r8.

Fixes are available through CA’s automatic update feature.
