A high-risk buffer overflow vulnerability in Computer Associates International Inc.'s eTrust Vet anti-virus engine could put users at risk of PC takeover attacks, the company warned in an advisory.

The Islandia, N.Y., software giant issued an alert for the flaw late Monday with a chilling warning that a successful attacker using a specially crafted Microsoft Office document could "gain full access to the computer without any user interaction."

The issue affects several enterprise products that rely on the Vet anti-virus engine, including CA InoculateIT 6.0, eTrust Antivirus 6.0 through 7.1, eTrust Antivirus for the Gateway 7.0 and 7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, and BrightStor ARCserve Backup.

Users of the consumer-facing eTrust EZ Antivirus and eTrust EZ Armor suites are also at risk.

"All Computer Associates' corporate products and some of our retail products that utilize the Vet Antivirus Engine have the ability to patch this vulnerability automatically. For these products, the patch for this vulnerability was already rolled out as part of the daily Vet Signature updates and no further action is required," CA explained in an advisory.

The company said the Vet Antivirus Engine is included in drivers, system services to automatically scan any files that the computer may access. "In the worst scenario, an external attacker may present a carefully crafted Microsoft Office document to a vulnerable computer for virus scanning and gain control of the computer without any user interaction," the alert read.

A knowledge document was also issued with detailed instructions on how to apply the required updates.If you have read any of the technical journals within the last few months, you might believe that Voice over IP (VoIP) has taken over the world. Up until recently, IP telephony (IPT) has been considered a premium service only affordable by larger companies. However, new product offerings and healthy competition has created a more affordable pricing model for all business types and sizes. This topic is one that has pushed the management “hot-button” of efficiency and cost-savings, and sparked a recent overwhelming interest.

While several claims have been exaggerated, VoIP can deliver many time and cost saving benefits. The most significant benefits include:

• Reduced administrative and management cost
• Reduced branch office and telecommuter cost
• Converged application structure to improve service and decrease cost
• New IP telephony applications

Let’s take a deeper look at how each of these benefits apply to a company considering VoIP implementation.

Reduced Administrative and Management Cost
Traditional office phone systems (known as Key Systems or PBXs) require specialized training to implement and manage. Because of this, small- to medium-size businesses do not keep PBX technicians on staff; rather, the phone system setup and maintenance is done on a contract basis. Moves, adds, or changes (MACs) to the phone system can cost anywhere between $55 to $295, with an average of $199 (source: Nemertes Research). If you have on-staff support, the cost for each MAC is reduced to $37 to $90, based on an average of one to two hours for each MAC.

When using a VoIP infrastructure, the job responsibilities of data network support and phone technician are combined into a single role. This provides the ability for the company to hire one person to support both systems. In addition, support for most MACs is no longer necessary since IP phones can be moved from one location to another and still retain its identity (phone number).

Reduced Branch Office and Telecommuter Cost
When designing a corporate data network infrastructure, the central office, branch office(s) and telecommuting employees are all connected together. This can be done through dedicated lines, such as a T1, or through VPN connectivity. The VoIP system can ride on top of this data structure allowing the phone system to appear as one entity even though the physical locations may be spread around the world.

This structure allows for a central receptionist for all locations who can receive and redirect calls, all without incurring any long distance charges.

Converged Application Structure to Improve Service and Decrease Cost
A powerful aspect of using IP telephony is the collapse of the separate communication and information methods into a unified system. For example, in the traditional telephony structure, if you need to send someone a fax, you load a paper into a fax machine and send it to another fax machine that receives and prints the data. Under the new IP telephony structure, the fax can be received and converted into an email message, or dictated as a voice message! Essentially, voicemail, email, and fax infrastructures are all converged into a single inbox and outbox system where all communication types can be accessed from any communication device.

New IP Telephony Applications
One of the most exciting aspects of IPT is the new applications that are emerging now and will be in the future. New communication methods have been released that allow callers to integrate Video over IP into their phone calls and see a real-time video stream when placing phone calls. Conference calls are organized into a “Brady-Bunch” visual where all conference call participants can be seen. The current speaker is enlarged and the focus is dynamically changed as other participants begin to speak.

Hotel and hospital application packages have already been released allowing application systems previously disparate to integrate into a single platform. For example, hotel registration, room-service, and movie rental systems have converged into a single server. This allows a hotel guest to check in or out, rent movies, order room service and many other services from the IP phone. For the end user, this gives an ease of ordering. For the hotel business, this gives a converged application environment, no longer requiring a purchase of separate systems to manage each service.

The IP Telephony Scoop
In short, IP telephony is quietly revolutionizing the industry behind the scenes. Truth be told, we have not even begun to scratch the surface of the possibilities achievable when you collapse the data, voice, and video networks into a single infrastructure. If you are considering deploying a VoIP network, <hyperlink> contact us <hyperlink> and we would be happy to have an AdTEC Networks consultant discuss the additional benefits of VoIP.

Author: Jeremy D. Cioara – CCIE, MCSE, CNE

Go Back