CA Portal Technology Session Handling Vulnerability; CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities

Affected Software:
CA BrightStor Portal 11.x
CA CleverPath Aion 10.x
CA CleverPath Portal 4.x
CA eTrust Security Command Center 1.x
CA eTrust Security Command Center 8.x
CA Unicenter Asset Portfolio Management 11.x
CA Unicenter Database Command Center 11.x
CA Unicenter Database Management Portal 11.x
CA Unicenter Enterprise Job Manager 1.x
CA Unicenter Management Portal 11.x
CA Unicenter Management Portal 2.x
CA Unicenter Management Portal 3.x
CA Unicenter Workload Control Center 1.x


A vulnerability has been reported in CA’s Portal technology, which can potentially be exploited by malicious users to bypass certain security restrictions.


The problem is that when multiple Portal servers share a common data source, a malicious user may be able to inherit the session and security authentication of another user from a different Portal server.


Solution: Apply patches.
Provided and/or discovered by: Reported by the vendor.


Original Advisory: http://supportconnectw.ca.com/public/ca_common_docs/cpportal_secnot.asp


Reference: http://secunia.com/advisories/23426/


Related advisory: CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities
http://www.securiteam.com/windowsntfocus/6J00N00HQC.html


Multiple instances of improper handling of NULL buffers in CA Anti-Virus allow local attackers to cause a denial of service condition. This issue affects only consumer CA Anti-Virus products.


Vulnerable Systems:
 * CA Anti-Virus 2007 version 8.1
 * CA Anti-Virus for Vista Beta version 8.2
 * CA Internet Security Suite 2007 version 3.0


Status and Recommendation:
CA has addressed this issue in the GA (Generally Available) software by providing a new automatic update on December 13, 2006. Customers running one of the GA products simply need to ensure that they have allowed this automatic update to take place. For CA Anti-Virus for Vista Beta, this issue will be patched in the GA release of the software.


Determining if you are affected:
View the Help > About screen and confirm that the product version is 8.3.0.1 or above. You can also verify application of the update by confirming that the vetfddnt.sys and vetmonnt.sys driver versions are 8.3.0.1 or above. These files are located in the %windows%\system32\drivers folder.
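
The driver version check described above can be scripted for inventory use. The following PowerShell is an added example, not code from CA or from the advisory; it assumes the drivers folder is %SystemRoot%\System32\drivers, and the function name Test-DriverVersion and the status labels are hypothetical.

```powershell
# Added example: report whether the two drivers named in the advisory are at
# or above the fixed version 8.3.0.1.
# Assumption: the drivers folder is %SystemRoot%\System32\drivers.
$fixed   = [version]'8.3.0.1'
$drivers = 'vetfddnt.sys', 'vetmonnt.sys'
$dir     = Join-Path $env:SystemRoot 'System32\drivers'

function Test-DriverVersion {
    param(
        [string]$Path,
        [version]$Minimum
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        # Product not installed (or driver removed): nothing to compare.
        return [pscustomobject]@{ Path = $Path; Version = $null; Status = 'NotInstalled' }
    }
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the numeric fields. The FileVersion string may
    # carry extra text, and comparing version strings as text sorts
    # '8.10.0.0' below '8.3.0.1', so compare System.Version objects instead.
    $ver = New-Object System.Version -ArgumentList `
        $info.FileMajorPart, $info.FileMinorPart, $info.FileBuildPart, $info.FilePrivatePart
    $status = if ($ver -ge $Minimum) { 'Updated' } else { 'BelowFixedVersion' }
    [pscustomobject]@{ Path = $Path; Version = $ver; Status = $status }
}

$results = foreach ($name in $drivers) {
    Test-DriverVersion -Path (Join-Path $dir $name) -Minimum $fixed
}
$results | Format-Table -AutoSize

# Non-zero exit code when any driver is older than the fixed version, so the
# script can feed a compliance or inventory job.
if ($results.Status -contains 'BelowFixedVersion') { exit 1 }
```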


 
