SupportConnect - Important Security Notice for CA eTrust Security Command Center and eTrust Audit

Important Security Notice for CA eTrust Security Command Center and eTrust Audit

Last Updated: September 28, 2006

CA's Technical Support is alerting customers to multiple security risks associated with the CA eTrust Security Command Center software component and eTrust Audit. An independent researcher, Patrick Webster, has identified remotely exploitable vulnerabilities in eTrust Security Command Center. CA has confirmed the presence of these vulnerabilities and has completed development of updates that address these issues.

The first vulnerability allows attackers to discover the web server path on Windows platforms. This vulnerability affects versions 1.0, r8, r8 SP1 CR1 and r8 SP1 CR2 of the eTrust Security Command Center Server component.

The second vulnerability allows attackers to read and delete arbitrary files from the host server with permissions of the service account. This vulnerability affects versions r8, r8 SP1 CR1 and r8 SP1 CR2 of the eTrust Security Command Center Server component.

The third vulnerability allows attackers to potentially execute external replay attacks. To mitigate this vulnerability, users should use perimeter firewalls to block external access to the event system, and host-based access controls or firewalls to block unauthorized internal access to it. This vulnerability affects versions 1.0, r8, r8 SP1 CR1 and r8 SP1 CR2 of the eTrust Security Command Center Server component, and all versions of 1.5 and r8 of eTrust Audit.

Customers with vulnerable versions of the eTrust Security Command Center Server component should apply the SCC vulnerability patch, which is now available for download at http://supportconnect.ca.com/.

Affected products:

eTrust Products

eTrust Security Command Center 1.0
eTrust Security Command Center r8
eTrust Security Command Center r8 SP1 CR1
eTrust Security Command Center r8 SP1 CR2
eTrust Audit 1.5
eTrust Audit r8

Affected platforms:

Windows

Prerequisite conditions for the vulnerability to be exploitable

None.

Determining the version of eTrust Security Command Center

Open the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrust Security Command Center

Read its Version value and match it against the table below:

Version 1.0.15    eTrust Security Command Center 1.0
Version 8.0.11    eTrust Security Command Center r8
Version 8.0.25    eTrust Security Command Center r8 SP1 CR1
Version 8.0.25.8  eTrust Security Command Center r8 SP1 CR2
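A PowerShell check that automates the registry lookup above across a fleet, added here as an example and not part of the CA advisory. It assumes the Version value is a string exactly as listed in the table, also looks under WOW6432Node (where a 32-bit install lands on 64-bit Windows), and treats any value not in the table as "needs review" because the advisory does not publish the patched build number.

```powershell
# Added example (not from the CA advisory): report whether the installed
# eTrust Security Command Center release is one the advisory lists as affected.
# Assumption: 'Version' is a REG_SZ string such as '8.0.25.8'.
$candidatePaths = @(
    'HKLM:\SOFTWARE\ComputerAssociates\eTrust Security Command Center',
    'HKLM:\SOFTWARE\WOW6432Node\ComputerAssociates\eTrust Security Command Center'
)

# Version value -> release name, copied from the advisory table.
$affectedReleases = @{
    '1.0.15'   = 'eTrust Security Command Center 1.0'
    '8.0.11'   = 'eTrust Security Command Center r8'
    '8.0.25'   = 'eTrust Security Command Center r8 SP1 CR1'
    '8.0.25.8' = 'eTrust Security Command Center r8 SP1 CR2'
}

function Get-SccVersionStatus {
    param([string[]]$Paths = $candidatePaths)

    $keyPath = $Paths | Where-Object { Test-Path -Path $_ } | Select-Object -First 1
    if (-not $keyPath) {
        return [pscustomobject]@{ Installed = $false; Version = $null; Release = $null; Affected = $false }
    }

    $version = (Get-ItemProperty -Path $keyPath -Name 'Version' -ErrorAction SilentlyContinue).Version
    if (-not $version) {
        # Key exists but no Version value: cannot classify, flag for manual review.
        return [pscustomobject]@{ Installed = $true; Version = $null; Release = 'unknown'; Affected = $null }
    }

    $version = [string]$version.Trim()
    if ($affectedReleases.ContainsKey($version)) {
        return [pscustomobject]@{ Installed = $true; Version = $version; Release = $affectedReleases[$version]; Affected = $true }
    }

    # Not in the table: either the SCC vulnerability patch (build not given in the
    # advisory) or a release the advisory does not cover. Flag for review, not "safe".
    return [pscustomobject]@{ Installed = $true; Version = $version; Release = 'not listed in advisory'; Affected = $null }
}

$status = Get-SccVersionStatus
$status | Format-List
if ($status.Affected -eq $true) {
    Write-Warning "Affected release detected ($($status.Release)); apply the SCC vulnerability patch from CA SupportConnect."
}
```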

eTrust Security Command Center Corrective Patch Download:

http://supportconnectw.ca.com/public/eTrust/eTrust_scc/downloads/eTrustscc_updates.asp

Should you require additional information, please contact CA Technical Support at http://supportconnect.ca.com/.
