CVE-2007-1005 - Vulnerability Details - OpenCVE

Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Etrust Intrusion Detection
Ca	Etrust Intrusion Detection

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:::::::*
	cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1::::::
	cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1::::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484
http://secunia.com/advisories/24309
http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp
http://www.osvdb.org/32290
http://www.securityfocus.com/archive/1/461567/100/100/threaded
http://www.securityfocus.com/bid/22743
http://www.securitytracker.com/id?1017706
http://www.vupen.com/english/advisories/2007/0776

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-02T21:00:00

Updated: 2024-08-07T12:43:21.624Z

Reserved: 2007-02-19T00:00:00

Link: CVE-2007-1005

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-03-02T21:18:00.000

Modified: 2024-11-21T00:27:16.643

Link: CVE-2007-1005

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-0776", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0776"}, {"name": "22743", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22743"}, {"name": "32290", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/32290"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp"}, {"name": "24309", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24309"}, {"name": "1017706", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017706"}, {"name": "20070228 [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461567/100/100/threaded"}, {"name": "20070227 Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1005", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-0776", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0776"}, {"name": "22743", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22743"}, {"name": "32290", "refsource": "OSVDB", "url": "http://www.osvdb.org/32290"}, {"name": "http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp", "refsource": "CONFIRM", "url": "http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp"}, {"name": "24309", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24309"}, {"name": "1017706", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017706"}, {"name": "20070228 [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461567/100/100/threaded"}, {"name": "20070227 Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:43:21.624Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-0776", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0776"}, {"name": "22743", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22743"}, {"name": "32290", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/32290"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp"}, {"name": "24309", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24309"}, {"name": "1017706", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017706"}, {"name": "20070228 [CAID 35112]: CA eTrust Intrusion Detection Denial of Service Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461567/100/100/threaded"}, {"name": "20070227 Computer Associates eTrust Intrusion Detection Denial of Service Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1005", "datePublished": "2007-03-02T21:00:00", "dateReserved": "2007-02-19T00:00:00", "dateUpdated": "2024-08-07T12:43:21.624Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:etrust_intrusion_detection:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DDF2EE3-753B-4C7E-84EF-144FA5986A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:2.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "29FEABEE-DC17-4620-B088-B24249865931", "vulnerable": true}, {"criteria": "cpe:2.3:a:ca:etrust_intrusion_detection:3.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "D10B864B-AA39-4702-A42B-F33BAF2D8059", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp)."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en SW3eng.exe en el servicio eID Engine en CA (anteriormente llamado Computer Associates) eTrust Intrusion Detection 3.0.5.57 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante un valor de clave de longitud larga en el puerto de administraci\u00f3n remota (tcp/9191)."}], "id": "CVE-2007-1005", "lastModified": "2024-11-21T00:27:16.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24309"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/32290"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/461567/100/100/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22743"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017706"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/24309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://supportconnectw.ca.com/public/ca_common_docs/eid_secnotice.asp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/32290"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/461567/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22743"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017706"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0776"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}