ID CVE-2007-1005
Summary Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).
References
Vulnerable Configurations
  • cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 09-04-2021 - 14:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 22743
bugtraq 20070228 [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability
confirm http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp
idefense 20070227 Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability
osvdb 32290
sectrack 1017706
secunia 24309
vupen ADV-2007-0776
Last major update 09-04-2021 - 14:32
Published 02-03-2007 - 21:18
Last modified 09-04-2021 - 14:32