Those who use CA’s security products should be aware that the vendor has just fixed some critical flaws attackers could exploit to cause a denial of service or hijack a targeted machine.
Here are the details as told by the French Security Incident Response Team (FrSIRT):
“Two vulnerabilities have been identified in CA Anti-Virus, CA Anti-Spyware and CA Threat Manager, which could be exploited by attackers or malware to cause a denial of service or take complete control of an affected system. The first issue is caused by a stack overflow error in the Console Server when processing malformed login credentials sent to port 12168/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with elevated privileges. The second vulnerability is caused by a stack overflow error in ‘InoCore.dll’ when handling file mapping contents, which could be exploited by local attackers to gain elevated privileges.”
The problems affect CA Anti-Virus for the Enterprise (eTrust Antivirus) r8, CA Threat Manager (eTrust Integrated Threat Management) r8 and CA Anti-Spyware (eTrust PestPatrol) r8.
Fixes are available through CA’s automatic update feature.