OSVDB ID: 22688

Title: CA iGateway Service Content-Length Overflow

Dates

Disclosure: Jan 23, 2006
Discovery: Unknown
Exploit: Unknown
Solution: Jan 23, 2006

Description

A remote overflow exists in iGateway. The web server fails to properly validate the Content-Length header, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed, resulting in a loss of integrity and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Disclosure: OSVDB Verified, Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 4.0.051230 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Computer Associates International, Inc.

BrightStor ARCserve Backup

r11.5
r11.1

BrightStor ARCserve Backup (Windows)

r11

BrightStor Enterprise Backup

10.5

BrightStor ARCServe Backup for Laptops & Desktops

r11.1

BrightStor ARCServe Backup for Laptops & Desktops

r11

BrightStor Process Automation Manager

r11.1

BrightStor SAN Manager

r11.1
r11.5

BrightStor Storage Resource Manager

r11.5
r11.1
6.4
6.3

BrightStor Portal

11.1

eTrust Audit

1.5 SP2
1.5 SP3
8.0

eTrust Admin

8.1

eTrust Identity Minder

8.0

eTrust Secure Content Manager (SCM)

r8

eTrust Integrated Threat Management (ITM)

r8

eTrust Directory

R8.1

Unicenter CA Web Services Distributed Management

r11.1

Unicenter AutoSys JM

r11

Unicenter Management for WebLogic

r11

Unicenter Management for WebSphere

r11

Unicenter Service Delivery

r11

Unicenter Service Level Management (USLM)

r11

Unicenter Application Performance Monitor

r11

Unicenter Service Desk

r11

Unicenter Service Desk Knowledge Tools

r11

Unicenter Asset Portfolio Management

r11

Unicenter Service Catalog/Fulfillment/Accounting

r11

Unicenter MQ Management

r11

Unicenter Application Server Management

r11

Unicenter Web Server Management

r11

Unicenter Exchange Management

r11

Service Metric Analysis

r11

ARCserve Backup

9.01

References

Credit

  • Erika Mendoza


Direct URL: http://osvdb.org/22688