Security flaw discovered in Computer Associates' eTrust system
April 6, 2005
According to an advisory issued by security research company iDefense, an important security hole has been discovered in Computer Associates' eTrust Intrusion Detection System that could make the application vulnerable to DoS (denial-of-service) attacks.
The security flaw enables a writer of malicious code to disable CA's eTrust Intrusion Detection System 3.0, which in turn weakens a company's defense against a DoS attack, said Michael Sutton, director of iDefense Labs.
The vulnerability stems from CA's intrusion detection system failing to check whether data is the correct size before passing it off to Microsoft's Crypto API function CPImportKey. Microsoft's Crypto API function CPImportKey also does not check the data once it has been passed on, Sutton said. As a result, any incorrectly sized data will create a problem with the memory, creating a "buffer overflow."
Sutton warned that other application vendors who use Microsoft's Crypto API function CPImportKey and whose own products also do not check the data's size before passing it on to the Microsoft API may face the same vulnerability.
"This vulnerability is not overly difficult to exploit," Sutton said. Computer Associates, which was initially notified of the flaw in early December, has issued an update for version 3.0 and 3.0 SP1, which includes a work-around to prevent the flaw from being exploited, said a company spokeswoman, declining further comment.
The eTrust Intrusion Detection vulnerability marks the latest security issue for Computer Associates. Last month, exploit code was discovered that could take advantage of flaws in CA's licensing software and launch a DoS attack.
In that particular case, the amount of time between the public disclosure of the vulnerability and the development of code to exploit the flaw was only a week. Security experts have become increasingly concerned over the speed in which malicious code generally appears after a vulnerability has been announced.
Source: C-Net News
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing