CVE-2007-1005 — Insecure Temporary File in Etrust Intrusion Detection

CWE-377 — Insecure Temporary File5 documents5 sources

Severity

7.8HIGHNVD

EPSS

3.8%

top 11.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Etrust Intrusion Detection CA Etrust Intrusion Detection

Timeline

PublishedMar 2

Latest updateMay 1

Description

Heap-based buffer overflow in SW3eng.exe in the eID Engine service in CA (formerly Computer Associates) eTrust Intrusion Detection 3.0.5.57 and earlier allows remote attackers to cause a denial of service (application crash) via a long key length value to the remote administration port (9191/tcp).

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDca/etrust_intrusion_detection2.0, 3.0+1

▶NVDbroadcom/etrust_intrusion_detection3.0

Patches

Patch: labs.idefense.com ↗Patch: secunia.com ↗Patch: supportconnectw.ca.com ↗

🔴Vulnerability Details

GHSA

GHSA-29mq-6jwf-w4hx: Heap-based buffer overflow in SW3eng↗2022-05-01

▶

CVEList

CVE-2007-1005: Heap-based buffer overflow in SW3eng↗2007-03-02

▶

💥Exploits & PoCs

Exploit-DB

Ekiga 2.0.5 - 'GetHostAddress' Remote Denial of Service↗2009-07-24

▶

📋Vendor Advisories

Red Hat

sysstat insecure temporary file usage↗2007-08-10

▶