01 March 2007, 09:36

DoS vulnerability in CA's intrusion detection products

A vulnerability in CA's eTrust Intrusion Detection solution can be exploited to shut down the administration service. According to iDefense, all an attacker needs to do is to send manipulated packets during log-in to the service listening on TCP port 9191. When a defective session key is transferred to protect the connection, the service overflows the heap, causing a crash. This security hole affects eTrust Intrusion Detection 2.0 SP1, 3.0 and 3.0 SP1. CA has issued patches to solve the problem.

Also on The H:

Security vulnerabilities fixed in multiple CA products
Multiple heap overflows in plug-in for GStreamer media framework
VLC Media Player trips up on True Audio
Unicode encoding can be used to bypass intrusion detection systems
Hole in Snort intrusion detector
Snort intrusion detection system - one patch and one new vulnerability

Channels

Services

DoS vulnerability in CA's intrusion detection products

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit