Wednesday, July 25, 2007

[NEWS] Computer Associates AntiVirus CHM File Handling DoS Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html


- - - - - - - - -

Computer Associates AntiVirus CHM File Handling DoS Vulnerability
------------------------------------------------------------------------


SUMMARY

<http://www3.ca.com/solutions/product.aspx?ID=156> eTrust is an antivirus
application developed by Computer Associates. Remote exploitation of a
denial of Service (DoS) vulnerability in Computer Associates Inc.'s eTrust
Antivirus products could allow attackers to create a DoS condition on the
affected computer.

DETAILS

Vulnerable Systems:
* eTrust AntiVirus version r8.
* (Previous versions of eTrust Antivirus are suspected vulnerable).
* (Other Computer Associates products, as well as derived products, may
also be vulnerable).

When eTrust Antivirus engine scans a malformed CHM file that has an
invalid 'previous listing chunk number' field, the scanner will enter an
infinite loop and be unable to process any other files.

This denial of service attack will prevent the scanner from scanning other
files on disk while it is stuck on the exploit file. The hung process can
be quit by the user and does not consume all system resources.

Vendor Status:
Computer Associates has addressed this vulnerability by releasing updates.
These updates are available via the products' automatic update features.
More information is available within Computer Associates advisory at the
following URL.

<http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp> http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3875>
CVE-2007-3875

Disclosure Timeline:
* 01/16/2007 - Initial vendor notification
* 01/17/2007 - Initial vendor response
* 07/24/2007 - Coordinated public disclosure


ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at:

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567>

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=567

========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

No comments:

Post a Comment