Computer Security


Multiple Computer Associates (CA) products vulnerabilities
updated since 19.01.2006
Published: 02.02.2006
SecurityVulns ID: 5658
Type: remote
Threat Level: 7/10
Description: DM Primer and CA Unicenter buffer overflows, multiple DM Deployment DoS conditions. iGateway buffer overflow. CA Message Queuing DoS conditions.
Affected: CA : Unicenter Remote Control 6.0
 CA : Brightstor ARCserve Backup 11.1
 CA : Brightstor ARCserve Backup 11.0
 CA : BrightStor SAN Manager 11.1
 CA : BrightStor Portal 11.1
 CA : CleverPath OLAP 5.1
 CA : CleverPath ECM 3.5
 CA : CleverPath Predictive Analysis Server 2.0
 CA : CleverPath Predictive Analysis Server 3.0
 CA : CleverPath Aion 10.0
 CA : eTrust Admin 2.01
 CA : eTrust Admin 2.04
 CA : eTrust Admin 2.07
 CA : eTrust Admin 2.09
 CA : eTrust Admin 8.0
 CA : eTrust Admin 8.1
 CA : BrightStor Mobile Backup 4.0
 CA : CA Desktop Protection Suite
 CA : CA Server Protection Suite
 CA : CA Business Protection Suite
 CA : Brightstor ARCserve Backup 11.5
 CA : BrightStor SAN Manager 11.5
 CA : BrightStor Storage Resource Manager 11.1
 CA : BrightStor Storage Resource Manager 11.5
 CA : eTrust Audit 1.5
 CA : eTrust Audit 8.0
 CA : eTrust Audit 8.1
 CA : eTrust Identity Minder 8.0
 CA : eTrust Secure Content Manager 8
 CA : eTrust Integrated Threat Management 8
 CA : Unicenter CA Web Services Distributed Management 11
 CA : Unicenter AutoSys JM 11
 CA : Unicenter Management for WebLogic 11
 CA : Unicenter Management for WebSphere 11
 CA : Unicenter Service Delivery 11
 CA : Unicenter Service Level Management 11
 CA : Unicenter Application Performance Monitor 11
 CA : Unicenter Service Desk 11
 CA : Unicenter Service Fulfillment 11
 CA : Unicenter Asset Portfolio Management 11
 CA : Unicenter Service Matrix Analysis 11
 CA : Unicenter MQ Management 11
 CA : Unicenter Application Server Management 11
 CA : Unicenter Web Server Management 11
 CA : Unicenter Exchange Management 11
Original documents:
 CA, CAID 33581 - CA Message Queuing Denial of Service Vulnerabilities (02.02.2006)
 IDEFENSE, [VulnWatch] iDefense Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow Vulnerability (24.01.2006)
 CA, [Full-disclosure] CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability (23.01.2006)
 CA, [Full-disclosure] DM Primer error handling weakness & an old CAM BO revisited (19.01.2006)
 CA, [Full-disclosure] CAID 33756 - DM Deployment Common Component Vulnerabilities (19.01.2006)

Using timing attacks to bypass intrusion detection
Published: 02.02.2006
SecurityVulns ID: 5725
Type: remote
Threat Level: 6/10
Description: It is possible to use differences in timing between the target system and the IDS, for example packet reassembly timeouts, to bypass detection. As a workaround, the timing parameters of the IDS should be configured to match the timing parameters of the protected system.
Original document: anonpoetin_(at)_connu.isu.edu, Verified evasion in Snort (02.02.2006)

FreeBSD TCP selective acknowledgment DoS
Published: 02.02.2006
SecurityVulns ID: 5726
Type: remote
Threat Level: 6/10
Description: A bug in the TCP SACK (Selective Acknowledgment) implementation leads to an infinite loop inside the kernel.
Affected: FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:08.sack (02.02.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod