CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Audit Event System Replay Attack

EDB-ID:

28642




Platform:

Windows

Date:

2006-09-21


source: https://www.securityfocus.com/bid/20139/info
 
CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including:
 
- an information-disclosure issue
- an arbitrary-file-deletion issue
- a replay issue.
 
These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols.
 
An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks.

The following command-line example will send a login-failure event:
etsapisend.exe -nod $dstIP -cat "System Access" -opr Logon -sta F -nam NT-Security -loc \\Domain\IIS_Server -usr System -evt 70 -src Security -nid 529 -inf "Logon Failure"