
Vulnerability Detail

CA eTrust Security Command Center read and delete arbitrary files vulnerability

Date Discovered:
21 Sep 2006

Date Published:
21 Sep 2006

Last Updated:
4 Oct 2006

Threat Assessment

Overall Risk:  Medium
Popularity:  Medium
Impact:  Medium
Simplicity:  Low

Characteristics

Vulnerability ID:  34617
Discovered By:  Patrick Webster

Exploitable Locally:  Yes
Exploitable Remotely:  No

Impact:  A local attacker can read and delete arbitrary files.

Root Cause:  Software Vulnerability

 

Description

CA eTrust Security Command Center contains a vulnerability that can allow a local attacker to read and delete arbitrary files. The vulnerability is due to improper validation of the temporary file location reported by the getadhochtml function. An attacker can exploit this vulnerability to read and delete arbitrary files from the host server with the permissions of the service account.


Recommendations



-------------------------------------------------------------------------------
For: CA eTrust Security Command Center - Server r8

Please download and install the following patch:



http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81851&startsearch=1



-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR2

Please download and install the following patch:



http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81878&startsearch=1

-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR1

Please download and install the following patch:



http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO81876&startsearch=1


Affected Technologies

Computer Associates: CA eTrust Security Command Center - Server r8
Computer Associates: CA eTrust Security Command Center r8 SP1 CR1
Computer Associates: CA eTrust Security Command Center r8 SP1 CR2


References

Computer Associates: eTrustSCCVuln
Mitre CVE: CVE-2006-4900
