source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center (eSCC) and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These vulnerabilities occur because the software fails to validate user input and because of design errors in the way the software handles user permissions and secure data-transmission protocols. An attacker may exploit these vulnerabilities to access sensitive information, delete arbitrary files with the permissions of the service account, and carry out external replay attacks. The following command-line example will send a login-failure event: etsapisend.exe -nod $dstIP -cat "System Access" -opr Logon -sta F -nam NT-Security -loc \\Domain\IIS_Server -usr System -evt 70 -src Security -nid 529 -inf "Logon Failure"
Related ExploitsTrying to match CVEs (1): CVE-2006-4901
Trying to match OSVDBs (1): 29011
Other Possible E-DB Search Terms: CA eSCC r8/1.0 / eTrust Audit r8/1.5, CA eSCC r8, CA eSCC r
|2006-09-21||28640||CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Web Server Full Path Disclosure||Patrick Webster|
|2006-09-21||28641||CA eSCC r8/1.0 / eTrust Audit r8/1.5 - Unspecified Arbitrary File Manipulation||Patrick Webster|