TITLE:
CA eTrust Common Services Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA12092

VERIFY ADVISORY:
http://secunia.com/advisories/12092/

CRITICAL:
Less critical

IMPACT:
DoS

WHERE:
From local network

SOFTWARE:
CA eTrust Security Command Center 1.x
http://secunia.com/product/3693/
CA eTrust Common Services 1.x
http://secunia.com/product/3692/

DESCRIPTION:
Cengiz Aykanat has reported two vulnerabilities in eTrust Common Services, allowing malicious people to cause a Denial of Service.

1) The problem is that the service fails to properly handle a long and specially crafted URL. Reportedly this can only be exploited to cause the Portal Service to crash.

2) The problem is that the service fails to properly handle a large number of connections. This causes the Transport Service to crash.

CA eTrust Common Services version 1.1 and CA eTrust Security Command Center 1.0 have been reported vulnerable.

SOLUTION:
The vendor has supplied the following references for solutions:
http://esupport.ca.com/index.html?/premium/etrust/etrust_scc/downloads/QO56897.asp
http://esupport.ca.com/index.html?/premium/etrust/etrust_scc/downloads/QO56729.asp

PROVIDED AND/OR DISCOVERED BY:
Cengiz Aykanat