Title: CAID 34616, 34617, 34618: CA eTrust Security Command Center and eTrust Audit vulnerabilities

CA Vulnerability ID (CAID): 34616, 34617, 34618

CA Advisory Date: 2006-09-20

Discovered By: Patrick Webster of aushack.com

Impact: Remote attacker can read/delete files, or potentially execute replay attacks.

Summary:
CA eTrust Security Command Center (eSCC) and eTrust Audit contain multiple remotely exploitable vulnerabilities.

o The first vulnerability allows attackers to discover the web server path on Windows platforms. This vulnerability affects eTrust Security Command Center Server component versions 1.0, r8, r8 SP1 CR1, and r8 SP1 CR2.

o The second vulnerability allows attackers to read and delete arbitrary files from the host server with the permissions of the service account. This vulnerability affects eTrust Security Command Center Server component versions r8, r8 SP1 CR1, and r8 SP1 CR2.

o The third vulnerability allows attackers to potentially execute external replay attacks. To mitigate this vulnerability, users should utilize perimeter firewalls to block access to the event system. This vulnerability affects eTrust Security Command Center Server component versions 1.0, r8, r8 SP1 CR1, and r8 SP1 CR2, and eTrust Audit versions 1.5 and r8.

Mitigating Factors:
The attacker must have valid authentication credentials to read or delete files, as described in the second vulnerability above.

Severity:
CA has given these vulnerabilities a Medium risk rating.

Affected Products:
CA eTrust Security Command Center 1.0
CA eTrust Security Command Center r8
CA eTrust Security Command Center r8 SP1 CR1
CA eTrust Security Command Center r8 SP1 CR2
CA eTrust Audit 1.5
CA eTrust Audit r8

Affected platforms:
Microsoft Windows

Status and Recommendation:
Apply the appropriate patch to eTrust Security Command Center to address the first and second vulnerabilities described above.

Patch URL (note that URL may wrap):
http://supportconnectw.ca.com/public/etrust/etrust_scc/downloads/etrustscc_updates.asp

For the third vulnerability, utilize perimeter firewalls to block access to the event system.

Determining if you are affected:
Check the registry version key.

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Security Command Center

Look for the Version key:
Version 1.0.15 (eTrust Security Command Center 1.0)
Version 8.0.11 (eTrust Security Command Center r8)
Version 8.0.25 (eTrust Security Command Center r8 SP1 CR1)
Version 8.0.25.8 (eTrust Security Command Center r8 SP1 CR2)

References (URLs may wrap):

CA SupportConnect:
http://supportconnect.ca.com/

CA SupportConnect Security Notice for these vulnerabilities:
http://supportconnectw.ca.com/public/etrust/etrust_scc/infodocs/etrustscc_notice.asp

CAID: 34616, 34617, 34618

CAID Advisory links:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34616
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34617
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34618

Discoverer (Patrick Webster from aushack.com):
http://users.tpg.com.au/adsl2dvp/advisories/200608-computerassociates.txt

CVE References:
CVE-2006-4899, CVE-2006-4900, CVE-2006-4901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4901

OSVDB References:
OSVDB IDs: 29009, 29010, 29011
http://osvdb.org/29009
http://osvdb.org/29010
http://osvdb.org/29011

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@xxxxxx, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@xxxxxx, or utilize our "Submit a Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, One Computer Associates Plaza. Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2006 CA. All rights reserved.
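The registry check under "Determining if you are affected" above, scripted in PowerShell as an added example (this is not part of CA's advisory or of the product). It reads the Version value from the key the advisory names and reports which advisory entries apply. Assumptions not stated in the advisory: Version is stored as a string value; on 64-bit Windows a 32-bit installer may have placed the key under SOFTWARE\Wow6432Node, so that path is tried as a fallback; and any version string other than the four listed is reported as "not listed" rather than as safe, since the advisory does not say which build numbers the patch produces. eTrust Audit is not covered here because the advisory gives no registry key for it.

```powershell
# Added example, not CA's code: automate the eSCC registry version check from the advisory.
# Maps each version string the advisory lists to the vulnerabilities it says apply.
$AffectedVersions = @{
    '1.0.15'   = 'eTrust Security Command Center 1.0: first and third vulnerabilities'
    '8.0.11'   = 'eTrust Security Command Center r8: first, second and third vulnerabilities'
    '8.0.25'   = 'eTrust Security Command Center r8 SP1 CR1: first, second and third vulnerabilities'
    '8.0.25.8' = 'eTrust Security Command Center r8 SP1 CR2: first, second and third vulnerabilities'
}

# First path is the key quoted in the advisory; the Wow6432Node path is an assumption
# for 32-bit installs on 64-bit Windows and is not mentioned by CA.
$KeyPaths = @(
    'HKLM:\SOFTWARE\ComputerAssociates\eTrust Security Command Center',
    'HKLM:\SOFTWARE\Wow6432Node\ComputerAssociates\eTrust Security Command Center'
)

function Get-eSCCAdvisoryStatus {
    foreach ($path in $KeyPaths) {
        # -ErrorAction SilentlyContinue: a missing key simply yields $null.
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }

        $version = [string]$props.Version
        if ([string]::IsNullOrEmpty($version)) {
            return [pscustomobject]@{
                KeyPath = $path; Version = $null
                Status  = 'Key present but no Version value; inspect the key manually'
            }
        }

        if ($AffectedVersions.ContainsKey($version)) {
            return [pscustomobject]@{
                KeyPath = $path; Version = $version
                Status  = "AFFECTED - $($AffectedVersions[$version])"
            }
        }

        # Unknown build: do not assume patched; compare against the CA security notice.
        return [pscustomobject]@{
            KeyPath = $path; Version = $version
            Status  = 'Version not listed in the advisory; verify against the CA security notice'
        }
    }

    return [pscustomobject]@{
        KeyPath = $null; Version = $null
        Status  = 'Key not found: eTrust Security Command Center Server not detected on this host'
    }
}

Get-eSCCAdvisoryStatus | Format-List
```

Run it locally on each eSCC server as an administrator (the key lives under HKLM). Because the advisory's third vulnerability has no patch and is mitigated only by perimeter firewalling of the event system, an "AFFECTED" result for any listed version should be paired with a review of the firewall rules that front that host, not just a patch install.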