n.runs AG - Security Tools and Security Advisories

n.runs AG
Nassauer Straße 60
61440 Oberursel
Telefon: +49 (0) 6171/699-0
Telefax: +49 (0) 6171/699-199
E-mail: contact@nruns.com
Impressum

n.runs-SA-2007.024 CA eTrust Antivirus Infinite Loop DoS Advisory

n.runs AG
http://www.nruns.com
n.runs-SA-2007.024

security(at)nruns.com
25-Jul-2007

* * *

Vendor: Computer Associates, http://www.ca.com
Affected Products:
- CA eTrust Antivirus

Vulnerability: Infinite Loop DoS (remote)
Risk: HIGH

Vendor communication:

20070509 Initial notification to CA
20070511 CA Responses
20070511 PGP keys exchange
20070511 PoC files sent to CA
20070515 CA ask for product and version used in the test
20070515 Information requested sent to CA
20070518 CA validates the vulnerabilities
20070724 CA releases the Security Notice to the public
20070725 n.runs AG releases a coordinated disclosure advisory

Overview:

Founded in 1976, CA today is a global company with headquarters in the United States and 150 offices in more than 45 countries. They serve more than 99% of Fortune 1000R companies, as well as government entities, educational institutions and thousands of other companies in diverse industries worldwide. eTrust is an Antivirus developed by Computer Associates. Combined with CA Anti-Spyware for the Enterprise, CA Anti-Virus for the Enterprise provides efficient, centrally-managed, multi-layered protection against a broad range of malware threats.

Description:

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined

- Infinite Loop in .CHM files parsing

Impact:

This problem can lead to remote engine denial-of-service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in CA eTrust Antivirus software previous to file arclib.dll version 7.3.0.9.

Solution:

The vulnerability was reported on 09.May.2007 and an update has been issued to solve this vulnerability through the regular update mechanism. NOTE: Not all products are automatically updated; please refer to the following link to validate http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

Credit:

Bugs found by Sergio Alvarez of n.runs AG.

References:

http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064895.html
http://supportconnectw.ca.com/public/antivirus/infodocs/caprodarclib-secnot.asp

This Advisory and Upcoming Advisories
http://www.nruns.com/security_advisory.php
http://www.nruns.com/parsing-engines-advisories.php

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of use apply.

4. März 2009:
Pressemitteilung
n.runs AG und TÜV TRUST IT TÜV AUSTRIA GmbH geben Kooperation im IT-Securityumfeld bekannt

* * *

27 Februar 2009:
Corporate News
n.runs platziert Kapitalerhöhung
+++ Erhöhung des Grundkapitals um 8,7 Prozent
+++ Mittelzufluss für Reorganisation und weiteres Wachstum im Consulting
+++ Ausgliederung der Softwarelösung aps-AV®

* * *

17 Dezember 2008:
Advisory: Opera HTML parsing flaw lead to remote code execution

* * *

27 Oktober 2008:
Advisory: Eaton MGE OPS Network Shutdown Module authentication bypass and code execution

* * *

21 Oktober 2008:
Advisory: Internet Explorer HTML Object Memory Corruption

* * *

20 Oktober 2008:
Pressemitteilung
n.runs und Avira geben strategische Partnerschaft im IT-Sicherheitsumfeld bekannt

* * *

14 Oktober 2008:
Pressemitteilung
SYSTEMS 2008: n.runs AG präsentiert Bollwerk gegen den „Feind im eigenen Netz“ und Microsoft "Security Development Lifecycle Pro Network"

* * *

30 September 2008:
Corporate News
Zahlen des ersten Halbjahreszahlen 2008 bestätigen Expansionskurs
+++ Umsatzerlöse steigen um knapp 30 Prozent auf EUR 3,32 Millionen
+++ EBITDA um EUR 0,27 Millionen auf EUR -0,35 Millionen verbessert
+++ Ergebnis von Softwareinvestitionen geprägt, Consulting profitabel
+++ Ausblick 2008

* * *

17 September 2008:
Corporate News
n.runs wird durch Microsoft als Mitglied des neuen Programms Microsoft Security Development Lifecyle Pro Network berufen
+++ n.runs AG exklusives Mitglied im Microsoft SDL Pro Network
+++ Einziges Mitglied des MS SDL Pro Network auf europäischem Festland
+++ Mittelfristiger Umsatzbeitrag von über 10 Prozent geplant

* * *

17 September 2008:
Pressemitteilung
Software-Gigant beruft IT-Sicherheitsunternehmen zum Mitglied des "Microsoft Security Development Lifecycle Pro Network" Microsoft setzt im Rahmen ihres neuen Partnerprogramms "SDL Pro Network" in EMEA auf die n.runs AG

* * *

10 September 2008:
Advisory
Cross-Site Scripting Filter Evasion in various frameworks and applications

* * *

10 September 2008:
Advisory
Horde Framework Cross-Site Scripting in filename MIME attachments

* * *

25 August 2008:
Press-Release
IT-Sicherheit für Regierungen und Militär:
n.runs und Thales kooperieren

* * *

20 August 2008:
Artikel
"IT-Grundschutz" des BSI und secumedia Verlages - Antivirensoftware :
Wegbereiter für
Datendiebe

* * *

20 August 2008:
Press Release
Wachsende Bedrohung:
folgenschwere Angriffe auf E-Mail-/AV-Systeme nehmen stetig zu.

* * *