SupportConnect - Security Notice for eTrust Intrusion Detection

Security Notice for eTrust Intrusion Detection

Last Updated: February 27, 2007

CA's Technical Support is alerting customers to a security risk associated with eTrust Intrusion Detection. iDefense has reported an issue concerning how keys are handled during authentication to the Engine service. By using a carefully constructed request, a remote attacker can cause the eID Engine service to unexpectedly terminate.

Risk Rating

Medium

Affected Products

eTrust Intrusion Detection 3.0 SP1
eTrust Intrusion Detection 3.0
eTrust Intrusion Detection 2.0 SP1

Affected Platforms

Windows

How to determine if the installation is affected

  1. Locate the file SW3eng.exe with Windows Explorer. For 3.0 and 3.0 SP1, the file is located in the "Program Files\CA\eTrust\Intrusion Detection\engine\" directory. For 2.0, the file is located in the "Program Files\eTrust\Intrusion Detection\engine\" directory.
  2. Right click SW3eng.exe and choose Properties
  3. Select the Version tab

The installation is vulnerable if the version of SW3eng.exe is less than the version indicated in the following table:

eTrust Intrusion Detection Release

SW3eng.exe Version

3.0 SP1

3.0.5.80

3.0

3.0.2.07

2.0 SP1

2.0.0.41

Product Updates

CA has issued patches to correct the vulnerability.

eTrust Intrusion Detection 3.0 SP1 - QO85469
eTrust Intrusion Detection 3.0 - QO85472
eTrust Intrusion Detection 2.0 SP1 - QO85488

Workaround

In the case where applying the patch is not feasible, ensure only authorized hosts are permitted to connect to the Engine service port, 9191 by default, on the host running eTrust Intrusion Detection.

Reference

CVE-2007-1005

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com.