Computer Associates (CA) iGateway Content-Length buffer overflow
| ca-igateway-contentlength-bo (24269) |  High Risk |
Description:
Computer Associates iGateway is vulnerable to a heap-based buffer overflow, caused by improper handling of negative HTTP Content-Length values. By sending a specially-crafted HTTP request with an overly long URI and a negative Content-Length header to port 5250, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM level privileges.
*CVSS:
| Base Score: | 10 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | Complete |
| Integrity Impact: | Complete |
| Availability Impact: | Complete |
| Temporal Score: | 7.4 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Access
Remedy:
Upgrade to the latest version of iGateway (4.0.051230 or later), available from the Computer Associates Web site. See References.
References:
- CA SupportConnect Web site: SupportConnect.
- Full-Disclosure Mailing List, Mon Jan 23 2006 - 10:23:59 CST: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability.
- iDEFENSE Security Advisory 01.23.06: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow.
- BID-16354: Computer Associates iTechnology iGateway Service Content-Length Heap Overflow Vulnerability
- CVE-2005-3653: Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
- OSVDB ID: 22688: CA iGateway Service Content-Length Overflow
- SA18591: CA Products iGateway Service Content-Length Buffer Overflow
- SECTRACK ID: 1015526: Computer Associates Content-Length Buffer Overflow in iGateway Lets Remote Users Execute Arbitrary Code
- VUPEN/ADV-2006-0311: Computer Associates Multiple Products Remote Buffer Overflow Vulnerability
Platforms Affected:
- CA BrightStor ARCserve Backup 11.1
- CA BrightStor ARCserve Backup 11.5
- CA BrightStor ARCserve Backup 9.01
- CA BrightStor ARCserve Backup for Windows 11
- CA BrightStor ARCserve Backup Laptops Desktops 11.0
- CA BrightStor ARCserve Backup Laptops Desktops 11.1
- CA BrightStor Enterprise Backup 10.5
- CA BrightStor Portal 11.1
- CA BrightStor Process Automation Manager 11.1
- CA BrightStor SAN Manager 11.1
- CA BrightStor SAN Manager 11.5
- CA BrightStor Storage Resource Manager 11.1
- CA BrightStor Storage Resource Manager 11.5
- CA BrightStor Storage Resource Manager 6.3
- CA BrightStor Storage Resource Manager 6.4
- CA eTrust Admin 8.1
- CA eTrust Audit Client 1.5 SP2
- CA eTrust Audit Client 1.5 SP3
- CA eTrust Audit Client 8.0
- CA eTrust Directory 8.1
- CA eTrust Identity Minder 8.0
- CA eTrust Integrated Threat Management 8.0
- CA eTrust Secure Content Manager 8.0
- CA iTechnology iGateway 4.0.041221
- CA iTechnology iGateway 4.0.050126
- CA iTechnology iGateway 4.0.050224
- CA iTechnology iGateway 4.0.050306
- CA iTechnology iGateway 4.0.050321
- CA iTechnology iGateway 4.0.050322
- CA iTechnology iGateway 4.0.050325
- CA iTechnology iGateway 4.0.050401
- CA iTechnology iGateway 4.0.050413
- CA iTechnology iGateway 4.0.050414
- CA iTechnology iGateway 4.0.050518
- CA iTechnology iGateway 4.0.050526
- CA iTechnology iGateway 4.0.050601
- CA iTechnology iGateway 4.0.050613
- CA iTechnology iGateway 4.0.050615
- CA Unicenter Application Performance Monitor 11
- CA Unicenter Application Server Management 11
- CA Unicenter Asset Portfolio Management 11.0
- CA Unicenter AutoSys JM 11.0
- CA Unicenter Exchange Management Console 11.0
- CA Unicenter Management WebLogic 11.0
- CA Unicenter Management WebSphere 11.0
- CA Unicenter Service Catalog Fulfillment Accounting 11.0
- CA Unicenter Service Delivery 11.0
- CA Unicenter Service Desk 11.0
- CA Unicenter Service Desk Knowledge Tools 11.0
- CA Unicenter Service Fulfillment 11
- CA Unicenter Service Fulfillment 2.2
- CA Unicenter Service Level Management 11.0
- CA Unicenter Service Metric Analysis 11.0
- CA Unicenter Web Server Management 11.0
- CA Unicenter Web Services Distributed Management 11.0
Reported:
Jan 23, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.