| VID |
29112 |
| Severity |
30 |
| Port |
9191 |
| Protocol |
TCP |
| Class |
IDS |
| Detailed Description |
A version of CA eTrust IDS older than 3.0.5.57 was detected running on the host. Computer Associates (CA) eTrust Intrusion Detection 3.0 and 3.0 SP1 are vulnerable to a denial of service attack, caused by improper bounds checking of user-supplied input in the CPImportKey() function. By sending a specially-crafted administration packet, a remote attacker could crash the affected service.
* Note: This check relies solely on the version number of the remote CA eTrust IDS to assess this vulnerability, so the result might be a false positive.
* References: http://tinyurl.com/bp367 http://www.idefense.com/application/poi/display?id=223&type=vulnerabilities http://secunia.com/advisories/14837/ http://www.securitytracker.com/alerts/2005/Apr/1013648.html
* Platforms Affected: Computer Associates, Inc., eTrust Intrusion Detection System 3.0 and 3.0 SP1; Microsoft Windows, any version |
| Recommendation |
For eTrust Intrusion Detection 3.0: Apply patch Q066181, which fixes this problem (version 3.0.5.57), as listed in iDEFENSE Security Advisory 04.05.05 at http://www.idefense.com/application/poi/display?id=223&type=vulnerabilities
For eTrust Intrusion Detection 3.0 SP1: Apply patch Q066178, which fixes this problem (version 3.0.5.57), as listed in iDEFENSE Security Advisory 04.05.05 at http://www.idefense.com/application/poi/display?id=223&type=vulnerabilities |
| Related URL |
CVE-2005-0968 (CVE) |
| Related URL |
13017 (SecurityFocus) |
| Related URL |
19972 (ISS) |
|