Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability CA Vuln ID (CAID): 35112 CA Advisory Date: 2007-02-27 Reported By: iDefense Impact: Remote attackers can cause a denial of service condition. Summary: CA eTrust Intrusion Detection contains a vulnerability that can allow a remote attacker to cause a denial of service condition. Mitigating Factors: None Severity: CA has given this vulnerability a Medium risk rating. Affected Products: eTrust Intrusion Detection 3.0 SP1 eTrust Intrusion Detection 3.0 eTrust Intrusion Detection 2.0 SP1 Affected Platforms: Windows Status and Recommendation: Customers with vulnerable versions of the eTrust Intrusion Detection product should upgrade with the latest patches, which are available for download from http://supportconnect.ca.com. eTrust Intrusion Detection 3.0 SP1 - QO85469 eTrust Intrusion Detection 3.0 - QO85472 eTrust Intrusion Detection 2.0 SP1 - QO85488 How to determine if the installation is affected: 1. Locate the file SW3eng.exe with Windows Explorer. For 3.0 and 3.0 SP1, the file is located in the "Program Files\CA\eTrust\Intrusion Detection\engine\" directory. For 2.0, the file is located in the "Program Files\eTrust\Intrusion Detection\engine\" directory. 2. Right click SW3eng.exe and choose Properties 3. Select the Version tab The installation is vulnerable if the version of SW3eng.exe is less than the version indicated below: eTrust Intrusion Detection 3.0 SP1 - SW3eng.exe 3.0.5.80 eTrust Intrusion Detection 3.0 - SW3eng.exe 3.0.2.07 eTrust Intrusion Detection 2.0 SP1 - SW3eng.exe 2.0.0.41 Workaround: In the case where applying the patch is not feasible, ensure only authorized hosts are permitted to connect to the Engine service port, 9191 by default, on the host running eTrust Intrusion Detection. References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA SupportConnect Security Notice for this vulnerability: Security Notice for eTrust Intrusion Detection http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp Solution Document Reference APARs: QO85469, QO85472, QO85488 CA Security Advisor posting: CA eTrust Intrusion Detection Denial of Service Vulnerability http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=100784 CAID: 35112 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=35112 Reported By: iDefense iDefense advisory 02.27.07: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484 CVE Reference: CVE-2007-1005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1005 OSVDB Reference: OSVDB ID: 32290 http://osvdb.org/32290 Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com. If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, One CA Plaza, Islandia, NY 11749 Contact http://www3.ca.com/contact/ Legal Notice http://www3.ca.com/legal/ Privacy Policy http://www3.ca.com/privacy/ Copyright (c) 2007 CA. All rights reserved.