SupportConnect - Medium-Risk vulnerability alert


CA has confirmed the presence of a Medium-Risk vulnerability that affects the ability of any CA solution that leverages the eTrust Antivirus engines to properly filter specially formatted .ZIP files.

Read full text of iDEFENSE notice.

Issue:
CA has determined that a specially crafted ZIP file will cause the decompression engine (Arclib.dll) to ignore certain files within the ZIP. This will allow the creator to send content past our scanners by hiding it within the specially formatted ZIP file.

Severity:
CA has given this a Medium-Risk severity due to the widespread impact on all products using the Arclib.dll decompression engine. This issue poses the greatest risk to gateway solutions. These solutions may allow the specially crafted ZIP files to pass through; however, the hidden content must still be extracted from the ZIP in order to be used in a malicious manner. Though Local and Scheduled Scanning will not pick this up, if malicious content is extracted from the ZIP, the eTrust Antivirus Real-Time scanner will detect this and prevent the system from being infected.

Status:
CA has actively addressed this issue with a full range of updates to secure and protect all solutions leveraging the Arclib.dll decompression engine. Updates to Arclib and instructions on how to install them can be found at:

Security - Threat Solutions
CA Secure Content Manager, eTrust Intrusion Detection, CA Threat Manager, CA Anti-Virus and CA Anti-Spyware all have published fixes for this vulnerability.

Please make sure all TM/AV/AS/SCM/eID installations are patched with the appropriate fixes referenced below.

CA Secure Content Manager
Manual Fix has been published and made available to clients
http://supportconnectw.ca.com/public/etrust/etrust_scm/infodocs/etrsutscmcu-ann.asp
http://supportconnectw.ca.com/public/etrust/etrust_scm/etrust-scm_supp.asp

eTrust Intrusion Detection
Manual Fix has been published and made available to clients
http://supportconnectw.ca.com/public/etrust/etrust_intrusion/infodocs/eid-contentupdate.asp
http://supportconnectw.ca.com/public/etrust/etrust_intrusion/etrustintrusion_supp.asp

CA Threat Manager
Automatic Fix has been published and made available to clients
http://supportconnectw.ca.com/public/antivirus/infodocs/etrustav-contentupdate.asp
http://supportconnectw.ca.com/public/eitm/etrustitm_supp.asp

CA Anti-Virus
Automatic Fix has been published and made available to clients
http://supportconnectw.ca.com/public/antivirus/infodocs/etrustav-contentupdate.asp
http://supportconnectw.ca.com/public/antivirus/antivirussupp.asp

CA Anti-Spyware
Automatic Fix has been published and made available to clients
http://supportconnectw.ca.com/public/antivirus/infodocs/etrustav-contentupdate.asp
http://supportconnectw.ca.com/public/pestpatrol/pestpatrol-supp.asp