TITLE:
CA Anti-Virus Engine Archive Files Detection Bypass

SECUNIA ADVISORY ID:
SA33712

VERIFY ADVISORY:
http://secunia.com/advisories/33712/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
eTrust Secure Content Manager (SCM)
http://secunia.com/advisories/product/3391/
eTrust Intrusion Detection 3.x
http://secunia.com/advisories/product/3390/
eTrust Intrusion Detection 2.x
http://secunia.com/advisories/product/14867/
eTrust EZ Antivirus 7.x
http://secunia.com/advisories/product/4338/
eTrust EZ Antivirus 6.x
http://secunia.com/advisories/product/4091/
CA Unicenter Network and Systems Management (NSM) 3.x
http://secunia.com/advisories/product/1683/
CA Unicenter Network and Systems Management (NSM) 11.x
http://secunia.com/advisories/product/14437/
CA Threat Manager 8.x
http://secunia.com/advisories/product/7112/
CA Protection Suites 3.x
http://secunia.com/advisories/product/14804/
CA Protection Suites 2.x
http://secunia.com/advisories/product/14865/
CA Internet Security Suite Plus 2008
http://secunia.com/advisories/product/18834/
CA Internet Security Suite 2007
http://secunia.com/advisories/product/14434/
CA Common Services (CCS) 11.x
http://secunia.com/advisories/product/14868/
CA ARCserve Backup 12.x
http://secunia.com/advisories/product/18471/
CA Anti-Virus SDK
http://secunia.com/advisories/product/14869/
CA Anti-Virus Gateway 7.x
http://secunia.com/advisories/product/14864/
CA Anti-Virus for the Enterprise 8.x
http://secunia.com/advisories/product/10672/
CA Anti-Virus 2008 (9.x)
http://secunia.com/advisories/product/18027/
CA Anti-Virus 2007 (8.x)
http://secunia.com/advisories/product/14433/
CA Anti-Spyware 8.x
http://secunia.com/advisories/product/10673/
CA Anti-Spyware 2007
http://secunia.com/advisories/product/14866/
BrightStor ARCserve Backup Client Agent 11.x
http://secunia.com/advisories/product/8119/
BrightStor ARCserve Backup 11.x (for Windows)
http://secunia.com/advisories/product/3099/
BrightStor ARCserve Backup 11.x (for Oracle)
http://secunia.com/advisories/product/8147/
BrightStor ARCserve Backup 11.x (for Open Files)
http://secunia.com/advisories/product/8250/
BrightStor ARCserve Backup 11.x (for Microsoft SQL Server)
http://secunia.com/advisories/product/8144/
BrightStor ARCserve Backup 11.x
http://secunia.com/advisories/product/312/
CA Anti-Spyware 2008
http://secunia.com/advisories/product/21172/
CA eTrust Intrusion Detection 4.x
http://secunia.com/advisories/product/21173/

DESCRIPTION:
Some weaknesses have been reported in various CA products, which can
be exploited by malware to bypass the scanning functionality.

The weaknesses are caused by errors in the handling of various
archive file formats within the Arclib Archive Library ("arclib"),
which can be exploited to bypass the anti-virus scanning
functionality via specially crafted archive files.

The weaknesses are reported in the following products and versions:
* CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1,
  r8, r8.1
* CA Anti-Virus 2007 (v8), 2008
* eTrust EZ Antivirus r7, r6.1
* CA Internet Security Suite 2007 (v3), 2008
* CA Internet Security Suite Plus 2008
* CA Threat Manager for the Enterprise (formerly eTrust Integrated
  Threat Management) r8, 8.1
* CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
* CA Protection Suites r2, r3, r3.1
* CA Secure Content Manager (formerly eTrust Secure Content Manager)
  8.0, 8.1
* CA Anti-Spyware for the Enterprise (formerly eTrust PestPatrol) r8,
  8.1
* CA Anti-Spyware 2007, 2008
* CA Network and Systems Management (NSM) (formerly Unicenter Network
  and Systems Management) r3.0, r3.1, r11, r11.1
* CA ARCserve Backup r11.1, r11.5, r12 on Windows
* CA ARCserve Backup r11.1, r11.5 Linux
* CA ARCserve client agent for Windows
* CA eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1, 4.0
* CA Common Services (CCS) r11, r11.1
* CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

SOLUTION:
The vendor released arclib version 7.3.0.15 in September 2008, which
has been deployed via automatic updates (please see the vendor
advisory for details).

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Thierry Zoller and Sergio Alvarez of n.runs AG.

ORIGINAL ADVISORY:
CA (CA20090126-01):
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601