CA eTrust Security Command Center (eSCC) and eTrust Audit are CA's security command and audit products.

CA eTrust Security Command Center (eSCC) and eTrust Audit contain multiple security issues. A remote attacker can exploit them to obtain sensitive information, delete arbitrary files, or carry out replay attacks.

The first issue allows an attacker to discover the web server path on Windows platforms. This vulnerability affects eTrust Security Command Center Server 1.0, r8, r8 SP1 CR1, and r8 SP1 CR2.

The second issue allows an attacker to read or delete arbitrary files on the host server with the privileges of the service account.

The third issue allows an attacker to carry out external replay attacks.

Computer Associates eTrust Security Command Center r8 SP1 CR2
Computer Associates eTrust Security Command Center r8 SP1 CR1
Computer Associates eTrust Security Command Center r8
Computer Associates eTrust Security Command Center 1.0
Computer Associates eTrust Audit r8
Computer Associates eTrust Audit 1.5

For the arbitrary file read/delete vulnerability, apply the following patches:
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center - Server r8
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/0410/QO81851/
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR2
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/SP1/QO81878/
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR1
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/SP1/QO81876

For the web path disclosure issue, apply the following patches:
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR1
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/SP1/QO81862
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center r8 SP1 CR2
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/SP1/QO81863
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center 1.0
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/0308/QO81875
-------------------------------------------------------------------------------
For: CA eTrust Security Command Center - Server r8
ftp://ftp.ca.com/CAproducts/unicenter/eTrust/ETRSCC/nt/0410/QO81758

The replay attack can be mitigated with firewall filtering.