---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: CA Products Scan Job Description Format String Vulnerability SECUNIA ADVISORY ID: SA20856 VERIFY ADVISORY: http://secunia.com/advisories/20856/ CRITICAL: Less critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: CA eTrust PestPatrol Anti-Spyware Corporate Edition 8.x http://secunia.com/product/10673/ CA Integrated Threat Management (ITM) 8.x http://secunia.com/product/7112/ eTrust Antivirus 8.x http://secunia.com/product/10672/ DESCRIPTION: A vulnerability has been reported in some CA products, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to a format string error within the handling of the description field of a scan job. This can be exploited to cause the affect products to crash and may allow arbitrary code execution via a specially crafted scan job description that contains format string specifiers. Successful exploitation requires that the user is able to create a scan job. The vulnerability has been reported in the following products: * CA Integrated Threat Management r8 * eTrust Antivirus r8 * eTrust PestPatrol Anti-Spyware Corporate Edition r8 SOLUTION: The vulnerability has been fixed in Content Update build 432 via the content update mechanism. PROVIDED AND/OR DISCOVERED BY: The vendor credits Deral Heiland. ORIGINAL ADVISORY: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34325 http://supportconnectw.ca.com/public/eitm/infodocs/etrustitmvuln-contentupdate.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------