CVE-2007-1005

Name of the Vulnerable Software and Affected Versions: CA eTrust Intrusion Detection versions 3.0.5.57 and earlier

Description: The issue is related to a heap-based buffer overflow in the eID Engine service, specifically in the SW3eng.exe component. This can be triggered by remote attackers sending a long key length value to the remote administration port (9191/tcp), resulting in a denial of service (application crash).

Recommendations: For versions 3.0.5.57 and earlier, consider restricting access to the remote administration port (9191/tcp) to minimize the risk of exploitation. As a temporary workaround, limit the key length value accepted by the eID Engine service to prevent the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.