Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17209
HistoryJun 11, 2007 - 12:00 a.m.

[CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer Overflow Vulnerabilities

2007-06-1100:00:00
vulners.com
9
JSON

Title: [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer
Overflow Vulnerabilities

CA Vuln ID (CAID): 35395, 35396

CA Advisory Date: 2007-06-05

Reported By: ZDI

Impact: Remote attackers can cause a denial of service or
potentially execute arbitrary code.

Summary: CA Anti-Virus engine contains multiple vulnerabilities
that can allow a remote attacker to cause a denial of service or
possibly execute arbitrary code. CA has issued an update to
address the vulnerabilities. The first vulnerability,
CVE-2007-2863, is due to insufficient bounds checking on filenames
contained in a CAB archive. The second vulnerability,
CVE-2007-2863, is due to insufficient bounds checking on the
"coffFiles" field. By using a specially malformed CAB file, an
attacker can cause a crash or take unauthorized action on an
affected system.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a High risk rating.

Affected Products:
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) r8,
r8.1
CA Anti-Virus 2007 (v8)
eTrust EZ Antivirus r7, r6.1
CA Internet Security Suite 2007 (v3)
eTrust Internet Security Suite r1, r2
eTrust EZ Armor r1, r2, r3.x
CA Threat Manager for the Enterprise (formerly eTrust Integrated
Threat Management) r8
CA Protection Suites r2, r3
CA Secure Content Manager (formerly eTrust Secure Content
Manager) 8.0
CA Anti-Virus Gateway (formerly eTrust Antivirus eTrust Antivirus
Gateway) 7.1
Unicenter Network and Systems Management (NSM) r3.0
Unicenter Network and Systems Management (NSM) r3.1
Unicenter Network and Systems Management (NSM) r11
Unicenter Network and Systems Management (NSM) r11.1
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11 for Windows
BrightStor Enterprise Backup r10.5
BrightStor ARCserve Backup v9.01
CA Common Services
CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

Affected Platforms:
All

Status and Recommendation:
CA has issued content update 30.6 to address the vulnerabilities.
The updated engine is provided with content updates. Ensure the
latest content update is installed if the signature version is
less than version 30.6.

For BrightStor ARCserve Backup:

  1. To update the signatures one time only, open a command window,
    change into the "C:\Program Files\CA\SharedComponents\ScanEngine"
    directory, and enter the following command:

inodist /cfg inodist.ini

  1. To update on a regular schedule:
  • Submit a GenericJob using the ARCserve Job Scheduler. Please
    search the BrightStor Administrator's Guide for 'Antivirus
    Maintenance' and follow the directions.

Or

  • Use the above command line instruction with the AT Scheduler.

Workaround: None

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA SupportConnect Security Notice for this vulnerability:
Security Notice for CA products implementing the Anti-Virus engine
http://supportconnectw.ca.com/public/antivirus/infodocs/caantivirus-securitynotice.asp
CA Security Advisor posting: CA Anti-Virus Engine CAB File Buffer
Overflow Vulnerabilities
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=144680
CAID: 35395, 35396
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35395
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35396
Reported By: ZDI
ZDI Advisory: ZDI-07-034, ZDI-07-035
http://www.zerodayinitiative.com/advisories/ZDI-07-034.html
http://www.zerodayinitiative.com/advisories/ZDI-07-035.html
CVE References: CVE-2007-2863, CVE-2007-2864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2864
OSVDB References: OSVDB-35244, OSVDB-35245
http://osvdb.org/35244
http://osvdb.org/35245

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a
Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, 1 CA Plaza, Islandia, NY 11749

Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.

Related

checkpoint_security 1
securityvulns 3
prion 2
saint 4
packetstorm 1
cert 2
checkpoint_advisories 1
zdi 2
cve 2
checkpoint_security
checkpoint_security
CA Products Anti-Virus Engine CAB File Handling Vulnerabilities (CVE-2007-2863, CVE-2007-2864)
2007-06-09 21:00:00
securityvulns
securityvulns
CA multiple antiviral products buffer overflow
2007-06-11 00:00:00
[Full-disclosure] ZDI-07-034: CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability
2007-06-06 00:00:00
ZDI-07-035: CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability
2007-06-06 00:00:00
prion
prion
Stack overflow
2007-06-06 21:30:00
Stack overflow
2007-06-06 21:30:00
saint
saint
CA Antivirus engine CAB handling buffer overflow
2007-06-07 00:00:00
CA Antivirus engine CAB handling buffer overflow
2007-06-07 00:00:00
CA Antivirus engine CAB handling buffer overflow
2007-06-07 00:00:00
packetstorm
packetstorm
CA Antivirus Engine CAB Buffer Overflow
2009-11-26 00:00:00
cert
cert
Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives
2007-06-06 00:00:00
Computer Associates Anti-Virus engine fails to properly handle malformed CAB archives
2007-06-06 00:00:00
checkpoint_advisories
checkpoint_advisories
CA Multiple Products AV Engine CAB Header Parsing Stack Overflow (CVE-2007-2864)
2011-03-27 00:00:00
zdi
zdi
CA Multiple Product AV Engine CAB Header Parsing Stack Overflow Vulnerability
2007-06-05 00:00:00
CA Multiple Product AV Engine CAB Filename Parsing Stack Overflow Vulnerability
2007-06-05 00:00:00
cve
cve
CVE-2007-2863
2007-06-06 21:30:00
CVE-2007-2864
2007-06-06 21:30:00
JSON
Related for SECURITYVULNS:DOC:17209
checkpoint_security1securityvulns3prion2saint4packetstorm1cert2checkpoint_advisories1zdi2cve2