[<prev] [next>] [day] [month] [year] [list]
Message-ID: <649CDCB56C88AA458EFF2CBF494B62044A2830@USILMS12.ca.com>
Date: Fri, 27 Jan 2006 00:24:02 -0500
From: "Williams, James K" <James.Williams@...com>
To: <bugtraq@...urityfocus.com>
Subject: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]
Please see below for important changes to CAID 33778.
Changelog is near end of advisory.
Regards,
Ken Williams
Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow
Vulnerability [v1.1]
CA Vulnerability ID: 33778
CA Advisory Date: 2006-01-23
Updated Advisory [v1.1]: 2006-01-26
Discovered By: Erika Mendoza reported this issue to iDefense.
Impact: Remote attacker can execute arbitrary code with SYSTEM
privileges.
Summary: The CA iGateway common component, which is included with
several CA products for UNIX/Linux/Windows platforms, contains a
buffer overflow vulnerability that can allow arbitrary code to be
executed remotely with SYSTEM privileges on Windows, and cause
iGateway component failure on UNIX and Linux platforms.
Mitigating Factors: None.
Severity: CA has given this vulnerability a Medium risk rating.
Affected Technologies: Please note that the iGateway component is
not a product, but rather a common component that is included
with multiple products. The iGateway component is included in
the following CA products, which are consequently potentially
vulnerable. Note that iGateway component versions older than
4.0.051230 are vulnerable to this issue.
Affected Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Backup Laptop & Desktop r11.1
BrightStor ARCserve Backup Laptop & Desktop r11
BrightStor Process Automation Manager r11.1
BrightStor SAN Manager r11.1
BrightStor SAN Manager r11.5
BrightStor Storage Resource Manager r11.5
BrightStor Storage Resource Manager r11.1
BrightStor Storage Resource Manager 6.4
BrightStor Storage Resource Manager 6.3
BrightStor Portal 11.1
Note to BrightStor Storage Resource Manager and BrightStor Portal
users: In addition to the application servers where these products
are installed, all hosts that have iSponsors deployed to them for
managing applications like Veritas Volume Manager and Tivoli TSM
are also affected by this vulnerability.
eTrust Products:
eTrust Audit 1.5 SP2 (iRecorders and ARIES)
eTrust Audit 1.5 SP3 (iRecorders and ARIES)
eTrust Audit 8.0 (iRecorders and ARIES)
eTrust Admin 8.1
eTrust Identity Minder 8.0
eTrust Secure Content Manager (SCM) R8
eTrust Integrated Threat Management (ITM) R8
eTrust Directory, R8.1 (Web Components Only)
Unicenter Products:
Unicenter CA Web Services Distributed Management R11
Unicenter AutoSys JM R11
Unicenter Management for WebLogic / Management for WebSphere R11
Unicenter Service Delivery R11
Unicenter Service Level Management (USLM) R11
Unicenter Application Performance Monitor R11
Unicenter Service Desk R11
Unicenter Service Desk Knowledge Tools R11
Unicenter Asset Portfolio Management R11
Unicenter Service Metric Analysis R11
Unicenter Service Catalog/Assure/Accounting R11
Unicenter MQ Management R11
Unicenter Application Server Management R11
Unicenter Web Server Management R11
Unicenter Exchange Management R11
Affected platforms:
AIX, HP-UX, Linux Intel, Solaris, and Windows
Status and Recommendation:
Customers with vulnerable versions of the iGateway component
should upgrade to the current version of iGateway (4.0.051230 or
later), which is available for download from the following
locations:
http://supportconnect.ca.com/
ftp://ftp.ca.com/pub/iTech/downloads/
Determining the version of iGateway:
To determine the version numbers of the iGateway components:
Go to the igateway directory:
On windows, this is %IGW_LOC%
Default path for v3.*: C:\Program Files\CA\igateway
Default path for v4.*:
C:\Program Files\CA\SharedComponents\iTechnology
On unix,
Default path for v3.*: /opt/CA/igateway
Default path for v4.*: the install directory path is contained in
opt/CA/SharedComponents/iTechnology.location.
The default path is /opt/CA/SharedComponents/iTechnology
Look at the <Version> element in igateway.conf.
The versions are affected by this vulnerability if you see
a value LESS THAN the following:
<Version>4.0.051230</Version> (note the format of v.s.YYMMDD)
References:
(note that URLs may wrap)
CA SupportConnect:
http://supportconnect.ca.com/
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not
ice.asp
CAID: 33778
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
CVE Reference: CVE-2005-3653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653
OSVDB Reference: OSVDB-22688
http://osvdb.org/22688
iDefense Reference:
Computer Associates iTechnology iGateway Service Content-Length
Buffer Overflow
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
Changelog:
v1.0 - Initial Release
v1.1 - Removed several unaffected technologies; added more
reference links.
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln@...com, or contact me directly.
If you discover a vulnerability in CA products, please report
your findings to vuln@...com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Dir. of CA Vulnerability Research Team
CA, One Computer Associates Plaza. Islandia, NY 11749
Contact http://www3.ca.com/contact/
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://www.ca.com/caprivacy.htm
Copyright 2006 CA. All rights reserved.
Powered by blists - more mailing lists