Vendor Status Note JVNCIAC-R-241

CA 製品に複数の脆弱性

概要

CA Anti-Virus for the Enteprise、CA Threat Manager などの CA 製品には、複数の脆弱性があります。

影響を受けるシステム
 - CA Anti-Virus for the Enterprise (旧 eTrust Antivirus) r8
 - CA Threat Manager for the Enterprise (旧 eTrust Integrated Threat Management) r8
 - CA Anti-Spyware for the Enterprise (旧 eTrust PestPatrol) r8
 - CA Protection Suites r3

想定される影響

遠隔の第三者が任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりする可能性があります。

ベンダ情報

ベンダリンク更新日
CACA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware for the Enterprise Console Login and File Mapping Vulnerabilities
CA Anti-Virus for the Enterprise, CA Threat Manager for the Enterprise, CA Anti-Spyware for the Enterprise Security Notice
参考情報

  1. US-CERT Vulnerability Note VU#680616
    Computer Associates eTrust AntiVirus Server buffer overflow
  2. US-CERT Vulnerability Note VU#788416
    Computer Associates AntiVirus InoTask buffer overflow vulnerability
  3. ISS X-Force Database: ca-console-server-bo(34204)
    Multiple Computer Associates products Console Server buffer overflow
  4. ISS X-Force Database: ca-inotask-bo(34205)
    Multiple Computer Associates products InoTask.exe buffer overflow
JPCERT 緊急報告
JPCERT REPORTJPCERT-WR-2007-1801 ( 2007-05-16 )
CIAC BulletinR-241 CA Anti-Virus for the Enterprise Securitiy Notice ( 2007-05-14 )
CVE2007-2522 [CVE+] XF34204
2007-2523 [CVE+] XF34205
PGP署名JVNCIAC-R-241.html.sig
登録日18:14 2007/06/02
更新日18:14 2007/06/02

Copyright(C) 2002-2009 Keio Univ. All rights reserved.