Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


CAs Intrusion Detection Software Vulnerable to DoS Attack



 By: Lisa Vaas
2005-04-07
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Updated: A flaw in CA's eTrust intrusion detection software could allow remote attackers to trigger a denial-of-service attack.

A flaw has been discovered in Computer Associates International Inc.s eTrust intrusion detection software that could allow remote attackers to trigger a denial-of-service attack.

iDefense Labs, at security firm iDefense Inc., on Tuesday posted an advisory that described the vulnerability as being caused by insufficient checking on values passed to Microsoft Corp.s Crypto API function CPImportKey.

CPImportKey determines certain buffer allocation sizes from data supplied via data blob.

Attackers may manipulate CPImportKey to trigger allocation of large buffers if wrapper functions dont validate the data passed to the Crypto API before CPImportKey is called.

Resource Library:
When CPImportKey receives a size that exceeds mapped memory size, an exception is generated and memory is locked.

Michael Sutton, director of iDefense, said the vulnerability was "certainly exploitable" by a savvy attacker. "We purposefully dont go out of our way to give deep details on our reports, but somebody who knew what they were doing could figure it out," said Sutton, in Reston, Va.

What makes it a serious vulnerability isnt the possibility that somebody could take over a computer, Sutton said, since the flaw is merely a vulnerability to a denial of service attack. Whats of greater importance is what the attack targets: an intrusion detection system.

CAs eTrust Intrusion Detection System packs three capabilities into one product: network protection, network session monitoring and Internet Web filtering. As such, it sits in the center of network security.

Read more here about CAs acquisition of eTrust Cleanup.

"The purpose of [an IDS] being there is to detect an attack," Sutton said. "Being able to take it out could make way for a really nasty [subsequent] attack. If you were targeting a network, yes, this would be an important first step in keeping subsequent attacks undetected. That makes it of greater importance than a typical attack. … Just because its a security product doesnt mean its immune to security vulnerabilities."

iDefenses advisory suggests employing firewalls, access control lists or other TCP/UDP restriction mechanisms to limit access to eTrust Intrusion Detections administration port. Also, the advisory recommends use of multiple intrusion detection products for sensitive networks.

CA, of Islandia, N.Y., has created a workaround that prevents the component issue from being exploited, by validating the key received from the viewer and dropping the connection if not valid.

The update is available only for versions 3.0 and 3.0 Service Pack 1.

To read more about CA launching five separate business units, click here.

CA issued the following statement underscoring its quick response to the discovery of the flaw: "CA responded quickly to the vulnerabilities discovered in eTrust Intrusion Detection with appropriate patches, which are currently available on our SupportConnect site. We recommend that our customers protect themselves by downloading and applying these patches right away. We will continue working with iDefense and the rest of the security community to uncover any potential vulnerabilities in our software so that CA customers can keep their enterprise computing environments safe and secure."

Customers can access updates online at CAs Web site.

Editors Note: This story was updated to include comments from Computer Associates.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: CAs Intrusion Detection Software Vulnerable to DoS Attack
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}ks㶒qUSd[Ķ|,8[*$CR~L6bl?qc2O-ݍFxCggD0pEIv}3齟%ym 4q=We 3JԲ|WR #YȮgtj4;#|69o;| `OS;S uɘqPWoɈ^DQ_ƾQ/72`&`1\l8ըXC< tWü#~hzFsi^_aoem#1UJ R\.j$_c::z\LBn$>@FI/j|%rP<(ZS K'i̮g fZҐ '|^9@b9jz'򳩥uk]_]-k][H>߈ecby1+Uz(#1΂gxg_,:nNOn/9nڗ'.9\qəzN0@q'S j__[r\> mz &l M u4}GVKR>qUu}L2,ewB~9]Czf&J ͒edL_9H]+G)HaM|`Amd±(|˺rN ~}A'mҘj )B!aB`ukj3@̀kfgPXX`4R 9lb)6K .F]U){IK2ߪr!CCj9nVȨ+SA%EI7CD r<#|!XsI((Gc{_Y6ni>U?zvwܬ̫E2'*4ޙͲ~4Ң[sQ}nUOnK/364>p.B2iK1qJjj|UJPXrWjUL@JL-a[ e u4}x7 &}`M6qk>9m'RCGs4DAC6V^lzK 4}l>#ä 3p|gkͅz9ԩ0鋥* Cb`N3DAЂNx>tTَ]6}l2w9;-,&w&z@rtCX` V>PCh' 6)d@}>\tv60-PSRV\Qo=C' dQJ dh$@!"5i]NP@Br68 -84rrd+ ~CADBR1Jl׀Ri !sgCzn)}T[h+\KBAfkf(2{~u}fBdAND*ˑe*0pMSx6Tn۠oJMUUTIkBk84u08Bdp{45-4a  [X' ' 5$&.a*byB'rGs44m'ȑcQ׃ J+V))A\^XPᑌ;l<͉iÆqlc_a! eBC`>.{c~d\2#5X5[\wıa弇d.Kpn>>{BOMnaDpI.3_hy>epGҶLo J%~hB}8 9r!M5kb$ӠC3bmy֙yBN[2 KFM&WRy*_NT$3(Q2kӧ菝 E݋+)I :-h8E4-Jc˲r 5gfYV{-Vv/KTu¾? Vlsf KZ }:JskiHH*6@\X0-# %>F.1~ϓaҵ(nw߱}jabE w^ yY9?>2ai[aՒx K[@ x@6$SQن2ij:8:X麞vo퓛ı+ ?۠ӣ(!w1N(L6FӰ HjOas0z q tX~l= Z%78qM͞6#]6޹9FuE8` ;Dz0aINR~ д@_oZqFK.,Z!?Rc?&Q?{2le,g@@re9'jYIt]iK´9& zI8@1"N:M4/#/;һOQ.# {o`"2l3q&/rtwE% i4Q,(J9A)` L] T<5y[= 6n 2H#0/`k .^@>k K'"ZcEsÖYEV>^ZoC zMoAaQIH L< K.ОrVyC?M=~2T+BZdžZKZ1_Tp}*xOo熼M]p/qܱ}Ө7? >k냪̦[PCGf>#\ܧaSacFTFh`2$$VG ã2R*%1c0]((Uf" Q=ݛ|m d%`3s' ]W 19>T;PRX89'&B1FGtlȂtx!W5eջ5eb Ո}G:DX`LESz,4pNZu.iYOS)&Vt u| _\:z>Z,LH0t U}uW*B}:/{o68F2@="8q zt2 jJB5?)k*:0%[ȑS\wz!BIJ\,[%V-03+F{N6iY~y50>Oy^UK Fb&*T~\yYR gg^a+o9e:a'_;A /CUEV:“#M/&"m>s5ѺMsls K39"nLt@-'A&5e,^ -q ɕN{,s0Ϲ$2,3 zS))rT*H-U4qMݗ[?jKokS_ҧ<@L6YTRBw}BY`"M]1u%&jXO8̳YKn*P)вOUJ}[ r/0/ TADy\SGV:<͠1p Je4z1H=ʧBDuq-Nn UbPɗ7 \vN *9^ lYv_Kᴄ{po69 -uR>(ʖpK%4e3/ .Gغ<y=hlqKZ\w޼\8XG̔[Qm+KZƱjԔ5X4CoZ=K֩UI-T R,< 3CdG̣-LGI4n:8&.VM%%;s]}E= Siw;ܜ׌>zIƝrQU U`JRԾۑN\cĽ) r!_'GdQ.|aR)T@%ʠK󉄌| ;!c8` 1@ HFWOѕ{iD$ b #~?DrN,GzRFdqɉ`Ia1:*:_[kᷘo9?Oů1Ok7tA?h[(KhLV`kR=t Y~2)}BO-9˙^#iZ ō7w JE5P!ARBy՞SE[@c}OӆO|BBZaJ;ńOa2ބq?Is6vۺYN6#S)Ҥ`BgJȄd{|Sfk*C@$ğ_KIv(+H+dAWJӚmfyj/o6V"+F^M`l+8OZa!A|)J| >n e!>ဏQJhEw 鳁᪖}+ˬ ŏhuG81 ƻ<[V~@0GW吜bnMi"6GIsFi:;GT@(NVu2k= ,&]7_>mzόEoIM2х=c6^N dߟ/"eΜtٕNt;2ix7Yu(fh^/yn99Ro!F.u?2wsՠ=Qzq>.e~W);ƙ a dJփ7÷Fp7. f_!O!%JJMa- +]Cfek=ô§ ,'i?Wc#ޚU>9dv<~+r gF9۴,rιjc_; M8`!=L_Dj=c;rbLإze/L^(l1t@jjYJI)B.=49@x%;}෍?x+'jۓ!"~b&thi#Z c f};BG+h,@חCrP@o"9{$]"6`XW_CB͍ݦr&"h=ՙI5R3I Vb% IXMS6L$(vVI(gbXJ ]_*@bf,dk; w6zfƞ7^{Ŏt4:1!{$v5!? Ag[ 0z| uM?[n+peqbP5f?,eFfOjqYȣON?g:a;nJ|Y,񨡉KɜTds+ne$^e%!Ȫą yȦj!_C6M_$dӒ(m Ƀ\MEC2 $Μ SѝgS,$4 6 bfbL0fQ/@9Ł g29ЊMZJLZ3>uTe%3( 5֘!59Evy V5dE5Ѱr>'FsOGݛDRJqPAoLXM Q6$ AJqغh)^.Lc-gY,]ly$"9HH'콤ʁR>( ;DI"e5kfU#+3qx^$ U6:zazLM󥎅7τ)-Q^CYP3z,ڼ5A&h&H^W aˉUQbxi<6)_Ag6W /`1 h@J݀Rw zS21CG rf5Cn+Ip !E" oEteI)IҦDW~=xƪBdQ3=Gޒ>ԗT\7< HJzg:{V0DxZ'3lU!T4WC+8hU]1ŏm_j^oU#q5IXkS3ڑ5֕p.+%,.s{YHx.9q\-B̄ WllЍmJ/IC7777Wn?, 忈?_.?U`hMq,:E% hseq4R|3pHFYo`/~ "Dcol[mKhaM 4M 1z̠2DFD??$hcRo(\ro[cҧs`?`VtBtNӁr?TC~ 0pX"U"~B<|ik^,N-;veR|c XS3#iUµc`#!vpEm*3QCn^bMt辭pzg#"olXcbDyEy2T2<-|]Ny0PaɌWJ<)!>uG$` ߡ7{Fn{cϙүMO- uawH7$`A$ aPBjDsObmJ/̅Iܫnsj!ii3ty/3r҃Z7Y2䎽$bş ߩz(CZPBZ’M<Is1%ْXsBw"ODjC@ )q/1ć>>u "KqҼ&570bS,^41J11ǜSçQՊr_̹OQ.3ZuZ.{f@]&>-E(([$TC ǵ1-R(M꠴U^bTy iStS#6J=!v ~];b}k mL6YZ9Owz޼t]DE㕛x3ٷ%7xttQaNaDXoH<5)~dZ᧦R\9-0&CuO9r*Z̃ZQ=<`ƴaೈu TEkm sėvBu'}1YģV^~VwR<<}Q,mR!F'Bp"x$` \z9~j<ۍ |;À;7t姬,aГ{{n/c$W !vL&S; f;VdRjS>pBjߙc#/V7R#EYrRf׶fp ʹG[+ 6g%=ڙaa5 VH4[Mm0Qt].>#y#Wa>⑍6X9.:#]SG!ת]P] vuzUh9Mf^Ӗpht65x*I=GKf@O@L%F H Wiir'o&'졢XًxR(?U%WK~C&}+ 5'-B3-Ϣo37k¨`*;`+yG";{jQ v`Ĭ@BSOG]ސxw9e#w `Oi$}NK1H4]qE# ``K(Fy =4u=oz.ZxX2)k`/Cۑ7;0LEVi Jߩ>?G|`אD ]TVZA&`3 Bx7t#l.}kO8<ٟ0nhGpΖБ`b'r B"뭛/ʁBT/WÀS[]TŰDdǤ c 4FH[~eMN[s  <v\N~cs<xlo1")(0C>CTD:%L[lELN/N9ccgZ|,{gGǙ9fQsvYL]"P"W?]N"@ g o C q_nbI *͕$f+|nj`:>0<(SG]ĝ?]hx*[50 0LYrK,ɖCzEQt#?hKg0<*G7;ΥIDZ\?' .yHcI ^iN4xPXp!㯛ԿC@"~|aЇ\ 3+z+|E))J]U0!xW`|)@]y} Wu3{8VLOr%-2 {AzFR3dhh{߇J L]'*O=lF,f1D9\&9nHQ}kw.Qsפ} '\M'Uw:';WNۗe/85=X0ky-l21^ N^9l^28Ks!Yx9*x+U94dG_1=Tge4I{k0%lyїU1*o,l+N=͓VV\j)h>?+gw:^.9vRO-q5{@Q력2D GM*7a:oH粕i*5/6ρW ?] ÊwV#NZ+!xy)t~C߯ayY;8k/odп}}"^ s>vsX1  >b~/?+sX1 ϋyy>G/W#\g+X+a~/W% \1gE; :+OKg|ZAWPjEkӅwW 请z@/?}}XA_!|7*f@7+ڿYAɵNVC\g+8=R/eG+Ty~iU>l.OW@ yVV NYAe^sisˀ ~/>{+sg#q$W>s+*j _xښhTqۭM+se|"X&7 jU4, X12fm=AF2h?+( sOʺύh>҇b {%])WeM'ik(s3gg=U2̑hCK} XWHD6KA1_w+ #٣,N5'H_+iKЈw+=y*9 ۍ+< #p5yhzspvG~|_<ڻsϬeU5IA6KE>]iQZg[p4ә< 5íE$oq`f>|=xC/+xuvﶎ?\{XjAi]_6W-hO'diA=>'A7'n"B8WEjnVp=s.ʼnS ;wM-=C O.Wn8Som w;#}2сN2t ZWw\)Uʙw;5"M 'D@ W"+Uw9 طV-+b`"8! T:QȀFuo*%K0f9=q͐Ga1Vѕ !'\BHczt#Sۨ yQYmLdp-yxyNˤڎy@7sJ5vf;)SAЫD@.LS:7ژLڸAņ'ag49uv[z0 c|𷁞W354>8Mqkq9D4;o&g)XGP{ucH2.` ̀N4W ȅ&`" >oVݺ]Ny/Ax,e. M/V@|_SS 2Fd y:? 9oC IGMgɱFΐyCҏb)Hw{ap<&tdK;Ooc8]m8 ۋA q0xS=ie| +v8S#a_c‡0m&ĤƤAֽD#aZ#7XYΊ ū"aѾYk{nD8k=-y4k6$wl9SsgP;xOX 5 g[=Ǚ,ېŚοupɟ)/Հ`m[?4{b:X3&?c/ITÛ2 ^`ty'W'#Y Ob\vBaI3&ܴ,&wǥ47,]<"W ?6> WJI|~Z(;KH(e`'Կug8-C})L9 H|\K֊U`g_CBbg ;u {Vj͙*q9wI7\,AOd=:rzM¨*qH)aa" ,i_1QcFӾ"]ǚ GY~l+PUE0@=Cb s?QbЁ_T54qtѷkd9Hr%zE h&.l{mC᳠c+D~kB=&*P=eٚ v,/ݤd񙣶-+2l%m=H $ M* %|Cb1G8]x ""_Ranio/y㶁E"= S q:ia3YX:'D@0avwjښ ˖0  m+%84B>ؼQֺ9kLK,>iЀΧ^p륎PhU|l>cy nj>.C2J_vs/'B`uFt[]vE pӁex, ׁ]sl +CcmR>(:NOes{J<> .m7#T9` GYE`+8utJѢV"֐0qYPՀ)@֙Gm;qrԗMRmQ)(-?X61Ȟg<5}۲|lږa=tKcb:ngFb K f_ =[<܊;N! ^f#1؋tc)dp̄eO\FyyEvҹ N袸̍IG`a^d;+)ؐ92{0bO1l,ozԛ'TS*a#o *[AN9LDxZ4/ǎLuX% +D9:K+Tchޘ',E—1u1GNsg-Z{| 9TMhc{pfa&J m!胋Ƚg~d>]Hȱ`,ӊHv"V윔IJLΡnlMqQ!%VF) 5P&~Xn-'B@ Z|qƳ#|撟 元>WNyNE=Kf}+s)VR,_XП]<"#^44{4Y|}(4;έIwq.8O|{7# ^8{5D ׿˾ėxbi-R^7 ;o2S/Y3:=vS@1$p e5 ^ 5]cduub@t;U+Pg O3xAr>nőbILjeO\Gpvu\z`W٫׳$K0`Gm~_ج(^z({0`٩ڼ%SbHJW3(3R}TJuRf?GctPX54;3M27: %xqt#.!5.l ˇ4GJ9vupei`@jPg ^z Ӎޑ,{0{El>~?zi#y16jox ej/;xRjcLس^۠]gNTD6m3:E8\cu/{=+ڙ`U F sv]z6F=W8!n'Ҁ\X@ `7ᒊ_y kDPpdಜc'8O$> *"хkBdg/Q'kH ߉&J2,=$+4a̕F@'9iBmH" :oSCt_:!lȻE˅,}zQgH1ݵOiӮ+66)ck;&ޚc h Y<--A0 r(<Ǜ5) ls|n $E*J=+{sx8ژE9oQ>g RF̞ЈzkJmmGf#'=&1hHw;nr÷xUg8 R~dfc[$/0M,gYYeE2JRuz&ě/A0Z)21F#/pn9yUI]yU<+bcb|!AW&lh&ѥrNfU[IF e~ GgZx^Z(: