Computer Associates (CA) iGateway Content-Length buffer overflow

ca-igateway-contentlength-bo (24269)

High Risk

Description:

Computer Associates iGateway is vulnerable to a heap-based buffer overflow, caused by improper handling of negative HTTP Content-Length values. By sending a specially-crafted HTTP request with an overly long URI and a negative Content-Length header to port 5250, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges.

Platforms Affected:

• CA, BrightStor ARCserve Backup 11.1
• CA, BrightStor ARCserve Backup 11.5
• CA, BrightStor ARCserve Backup 9.01
• CA, BrightStor ARCserve Backup for Windows 11
• CA, BrightStor ARCserve Backup Laptops Desktops 11.0
• CA, BrightStor ARCserve Backup Laptops Desktops 11.1
• CA, BrightStor Enterprise Backup 10.5
• CA, BrightStor Portal 11.1
• CA, BrightStor Process Automation Manager 11.1
• CA, BrightStor SAN Manager 11.1
• CA, BrightStor SAN Manager 11.5
• CA, BrightStor Storage Resource Manager 11.1
• CA, BrightStor Storage Resource Manager 11.5
• CA, BrightStor Storage Resource Manager 6.3
• CA, BrightStor Storage Resource Manager 6.4
• CA, eTrust Admin 8.1
• CA, eTrust Audit Client 1.5 SP2
• CA, eTrust Audit Client 1.5 SP3
• CA, eTrust Audit Client 8.0
• CA, eTrust Directory 8.1
• CA, eTrust Identity Minder 8.0
• CA, eTrust Integrated Threat Management 8.0
• CA, eTrust Secure Content Manager 8.0
• CA, iTechnology iGateway 4.0.041221
• CA, iTechnology iGateway 4.0.050126
• CA, iTechnology iGateway 4.0.050224
• CA, iTechnology iGateway 4.0.050306
• CA, iTechnology iGateway 4.0.050321
• CA, iTechnology iGateway 4.0.050322
• CA, iTechnology iGateway 4.0.050325
• CA, iTechnology iGateway 4.0.050401
• CA, iTechnology iGateway 4.0.050413
• CA, iTechnology iGateway 4.0.050414
• CA, iTechnology iGateway 4.0.050518
• CA, iTechnology iGateway 4.0.050526
• CA, iTechnology iGateway 4.0.050601
• CA, iTechnology iGateway 4.0.050613
• CA, iTechnology iGateway 4.0.050615
• CA, Unicenter Application Performance Monitor 11
• CA, Unicenter Application Server Management 11
• CA, Unicenter Asset Portfolio Management 11.0
• CA, Unicenter AutoSys JM 11.0
• CA, Unicenter Exchange Management Console 11.0
• CA, Unicenter Management WebLogic 11.0
• CA, Unicenter Management WebSphere 11.0
• CA, Unicenter Service Catalog Fulfillment Accounting 11.0
• CA, Unicenter Service Delivery 11.0
• CA, Unicenter Service Desk 11.0
• CA, Unicenter Service Desk Knowledge Tools 11.0
• CA, Unicenter Service Fulfillment 11
• CA, Unicenter Service Fulfillment 2.2
• CA, Unicenter Service Level Management 11.0
• CA, Unicenter Service Metric Analysis 11.0
• CA, Unicenter Web Server Management 11.0
• CA, Unicenter Web Services Distributed Management 11.0

Remedy:

Upgrade to the latest version of iGateway (4.0.051230 or later), available from the Computer Associates Web site. See References.

Consequences:

Gain Access

References:

• CA SupportConnect Web site, SupportConnect at http://supportconnect.ca.com/sc/support/Index.
• Full-Disclosure Mailing List, Mon Jan 23 2006 - 10:23:59 CST, CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0794.html.
• iDEFENSE Security Advisory 01.23.06, Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow at http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376.
• BID-16354: Computer Associates iTechnology iGateway Service Content-Length Heap Overflow Vulnerability
• CVE-2005-3653: Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
• OSVDB ID: 22688: CA iGateway Service Content-Length Overflow
• SA18591: CA Products iGateway Service Content-Length Buffer Overflow
• SECTRACK ID: 1015526: Computer Associates Content-Length Buffer Overflow in iGateway Lets Remote Users Execute Arbitrary Code
• VUPEN/ADV-2006-0311: Computer Associates Multiple Products Remote Buffer Overflow Vulnerability

Reported:

Jan 23, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page