
CA patches security flaws

Those who use CA’s security products should be aware that the vendor has just fixed some critical flaws attackers could exploit to cause a denial of service or hijack a targeted machine.

Here are the details as told by the French Security Incident Response Team (FrSIRT):

“Two vulnerabilities have been identified in CA Anti-Virus, CA Anti-Spyware and CA Threat Manager, which could be exploited by attackers or malware to cause a denial of service or take complete control of an affected system. The first issue is caused by a stack overflow error in the Console Server when processing malformed login credentials sent to port 12168/TCP, which could be exploited by remote unauthenticated attackers to execute arbitrary code with elevated privileges. The second vulnerability is caused by a stack overflow error in ‘InoCore.dll’ when handling file mapping contents, which could be exploited by local attackers to gain elevated privileges.”

The problems affect CA Anti-Virus for the Enterprise (eTrust Antivirus) r8, CA Threat Manager (eTrust Integrated Threat Management) r8 and CA Anti-Spyware (eTrust PestPatrol) r8.

Fixes are available through CA’s automatic update feature.
