CVE-2005-1693
CVSS10.0
发布时间 :2005-05-24 00:00:00
修订时间 :2016-10-17 23:21:49
NMCOS    

[原文]Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.


[CNNVD]Computer Associates Vet病毒库远程堆溢出漏洞(CNNVD-200505-1184)

        Computer Associates Vet病毒库提供病毒扫描引擎功能。
        Vet在分析OLE流时存在整数封装漏洞,导致任意堆溢出,这可能允许远程攻击者控制Vet所保护的系统。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:ca:etrust_secure_content_manager:1.0:sp1
cpe:/a:ca:vet_antivirus:10.66Computer Associates Vet Antivirus 10.66
cpe:/a:ca:etrust_antivirus_ee:6.0Computer Associates eTrust Antivirus EE 6.0
cpe:/a:ca:etrust_antivirus_ee:7.0Computer Associates eTrust Antivirus EE 7.0
cpe:/a:ca:etrust_ez_armor:1.0Computer Associates eTrust EZ Armor 1.0
cpe:/a:ca:etrust_secure_content_manager:1.1Computer Associates eTrust Secure Content Manager 1.1
cpe:/a:ca:etrust_ez_armor:2.0Computer Associates eTrust EZ Armor 2.0
cpe:/a:ca:etrust_ez_armor:2.3Computer Associates eTrust EZ Armor 2.3
cpe:/a:ca:etrust_secure_content_manager:1.0Computer Associates eTrust Secure Content Manager 1.0
cpe:/a:ca:etrust_antivirus:7.0_sp2
cpe:/a:ca:brightstor_arcserve_backup:11.1::windows
cpe:/a:ca:etrust_ez_armor:2.4Computer Associates eTrust EZ Armor 2.4
cpe:/a:ca:etrust_antivirus:7.0Computer Associates eTrust Antivirus 7.0
cpe:/a:ca:etrust_intrusion_detection:1.5Computer Associates eTrust Intrusion Detection 1.5
cpe:/a:ca:etrust_intrusion_detection:3.0Computer Associates eTrust Intrusion Detection 3.0
cpe:/a:ca:etrust_intrusion_detection:1.4.5Computer Associates eTrust Intrusion Detection 1.4.5
cpe:/a:ca:etrust_antivirus:7.1Computer Associates eTrust Antivirus 7.1
cpe:/a:ca:etrust_antivirus:6.0Computer Associates eTrust Antivirus 6.0
cpe:/a:ca:etrust_intrusion_detection:3.0:sp1
cpe:/a:ca:inoculateit:6.0Computer Associates InoculateIT 6.0
cpe:/a:ca:etrust_antivirus:7.0::gateway
cpe:/a:ca:etrust_antivirus:7.1::gateway
cpe:/a:ca:etrust_intrusion_detection:1.4.1.13Computer Associates eTrust Intrusion Detection 1.4.1.13
cpe:/a:zonelabs:zonealarmZone Labs ZoneAlarm
cpe:/a:zonelabs:zonealarm_antivirusZone Labs ZoneAlarm Antivirus
cpe:/a:ca:etrust_ez_armor_le:3.0.0.14Computer Associates eTrust EZ Armor LE 3.0.0.1.4
cpe:/a:ca:etrust_ez_armor:2.4.4Computer Associates eTrust EZ Armor 2.4.4
cpe:/a:ca:etrust_ez_armor_le:2.0Computer Associates eTrust EZ Armor LE 2.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1693
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1693
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1184
(官方数据源) CNNVD

- 其它链接及资源

http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588
(PATCH)  CONFIRM  http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=1588
http://marc.info/?l=bugtraq&m=111686576416450&w=2
(UNKNOWN)  BUGTRAQ  20050523 Computer Associates Vet Antivirus Library Remote Heap Overflow
http://securitytracker.com/id?1014050
(UNKNOWN)  SECTRACK  1014050
http://www.rem0te.com/public/images/vet.pdf
(UNKNOWN)  MISC  http://www.rem0te.com/public/images/vet.pdf
http://www.securityfocus.com/bid/13710
(VENDOR_ADVISORY)  BID  13710
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896
(VENDOR_ADVISORY)  MISC  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32896

- 漏洞信息

Computer Associates Vet病毒库远程堆溢出漏洞
危急 缓冲区溢出
2005-05-24 00:00:00 2005-10-20 00:00:00
远程  
        Computer Associates Vet病毒库提供病毒扫描引擎功能。
        Vet在分析OLE流时存在整数封装漏洞,导致任意堆溢出,这可能允许远程攻击者控制Vet所保护的系统。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        http://www.cai.com/

- 漏洞信息

16780
CA Multiple Products Vet Engine OLE Stream Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

A remote overflow exists in multiple products which rely on Computer Associates Vet Antivirus engine. The engine fails to perform bounds checking while analyzing an OLE stream resulting in a heap overflow. With a specially crafted Microsoft Office document, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-05-23 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Computer Associates has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Computer Associates Vet Library Remote Heap Overflow Vulnerability
Boundary Condition Error 13710
Yes No
2005-05-23 12:00:00 2009-07-12 02:56:00
Alex Wheeler is credited with the discovery of this vulnerability.

- 受影响的程序版本

Zone Labs ZoneAlarm Security Suite 5.5 .062.011
Zone Labs ZoneAlarm Security Suite 5.5 .062
Zone Labs ZoneAlarm Security Suite 5.5
Zone Labs ZoneAlarm Security Suite 5.1
Zone Labs ZoneAlarm Antivirus
Computer Associates Vet Antivirus 10.66
Computer Associates InoculateIT 6.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4.1.5
- IBM AIX 4.1.4
- IBM AIX 4.1.3
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- RedHat Linux 7.1 i386
- RedHat Linux 7.0 i386
- RedHat Linux 6.2 i386
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SCO eServer 2.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
Computer Associates eTrust Secure Content Manager 1.1
Computer Associates eTrust Secure Content Manager 1.0 SP1
Computer Associates eTrust Secure Content Manager 1.0
Computer Associates eTrust Intrusion Detection 3.0 SP 1
Computer Associates eTrust Intrusion Detection 3.0
Computer Associates eTrust Intrusion Detection 1.5
Computer Associates eTrust Intrusion Detection 1.4.5
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Computer Associates eTrust Intrusion Detection 1.4.1 .13
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Computer Associates eTrust EZ Armor LE 3.0 .0.14
Computer Associates eTrust EZ Armor LE 2.0
Computer Associates eTrust EZ Armor 2.4.4
Computer Associates eTrust EZ Armor 2.4
Computer Associates eTrust EZ Armor 2.3
Computer Associates eTrust EZ Armor 2.0
Computer Associates eTrust EZ Armor 1.0
Computer Associates eTrust Antivirus for the Gateway 7.1
Computer Associates eTrust Antivirus for the Gateway 7.0
Computer Associates eTrust Antivirus EE 7.0
Computer Associates eTrust Antivirus EE 6.0
Computer Associates eTrust Antivirus 7.1
Computer Associates eTrust Antivirus 7.0 SP2
Computer Associates eTrust Antivirus 7.0
Computer Associates eTrust Antivirus 6.0
Computer Associates BrightStor ARCserve Backup for Windows (All) 11.1
Computer Associates BrightStor ARCServe Backup for Windows 11.1
Computer Associates Vet Antivirus 11.9.1
Computer Associates Vet Antivirus 10.67
Computer Associates eTrust EZ Armor 3.1

- 不受影响的程序版本

Computer Associates Vet Antivirus 11.9.1
Computer Associates Vet Antivirus 10.67
Computer Associates eTrust EZ Armor 3.1

- 漏洞讨论

CA Vet is susceptible to a remote heap overflow vulnerability. This is due to an integer overflow flaw in memory allocation and utilization routines.

This issue presents itself when malicious compressed VBA projects are processed by the library.

This vulnerability allows remote attackers to overwrite critical heap memory control structures. This results in the ability to cause arbitrary machine code to be executed in the context of applications that utilize the affected library.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The vendor has released advisory CAID 32896, along with fixes to address this issue. Computer Associates states that most of the affected products can receive a fix for this vulnerability through utilizing their built-in virus update feature.

Please see the referenced advisory, as well as the referenced Web pages from the vendor for further information on obtaining fixes.

Zone Labs has released an advisory to address this issue in affected products. Users are advised to upgrade the anti-virus engine to version 11.9.1 or subsequent through the Update Now option in the products. Please see the message reference from Zone Labs for more information and specific steps required to upgrade.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站