Description: Luigi Auriemma has reported two vulnerabilities
in CA Secure Content Manager, which can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerabilities are caused by input validation errors within
the eTrust Common Services (Transport) Daemon (eCSqdmn). These can be
exploited to cause the service to crash or to consume large amounts of
CPU resources via specially crafted packets sent to the default port
1882/TCP.
The vulnerabilities are reported in eCSqdmn version 8.0.28000.511. Other versions may also be affected.
Solution: Restrict network access to the service.
Provided and/or discovered by: Luigi Auriemma
Original Advisory: http://aluigi.altervista.org/adv/ecsqdamn-adv.txt