| Field | Value |
|---|---|
| Short Name | APP:CA:IGATEWAY-CNT-LEN-OF |
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | APP |
| Keywords | Computer Associates Content-Length Overflow |
| Release Date | 2006/10/18 |
| Update Number | 1213 |
| Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Computer Associates Content-Length Overflow
This signature detects attempts to exploit a known vulnerability in the Computer Associates iTechnology iGateway Service. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the system.
Extended Description
The iGateway component of various Computer Associates products allows remote attackers to execute arbitrary code by exploiting a heap-overflow vulnerability.
The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service.
A successful attack can corrupt process memory and result in the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that on other platforms this issue triggers only a denial-of-service condition.
Products containing iGateway 4.0.051230 are vulnerable to this issue.
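The two conditions named above (a negative Content-Length and a large URI) can be checked on the request head before it reaches the service. The following is an added example, not the signature's own logic or vendor code; the 2048-byte URI threshold, the finding names, the verdict mapping and the sample requests are assumptions constructed for illustration.

```python
import re

MAX_URI_LEN = 2048  # assumed threshold; the page only says "large URI"
_DIGITS = re.compile(rb"[0-9]+")


def inspect_request(raw: bytes, max_uri_len: int = MAX_URI_LEN) -> list[str]:
    """Return findings for one raw HTTP request (empty list means clean)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return ["malformed-request-line"]

    findings = []
    if len(parts[1]) > max_uri_len:
        findings.append("oversized-uri")

    # Collect every Content-Length header; duplicates are checked as well.
    lengths = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"content-length":
            lengths.append(value.strip())

    for value in lengths:
        if value.startswith(b"-") and _DIGITS.fullmatch(value[1:]):
            findings.append("negative-content-length")
        elif not _DIGITS.fullmatch(value):
            findings.append("non-numeric-content-length")
    if len(set(lengths)) > 1:
        findings.append("conflicting-content-length")
    return findings


def verdict(findings: list[str]) -> str:
    """Assumed policy: drop on a negative length, alert on any other finding."""
    if "negative-content-length" in findings:
        return "drop"
    return "alert" if findings else "pass"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "benign": b"POST /service HTTP/1.1\r\nHost: example.test\r\n"
              b"Content-Length: 5\r\n\r\nhello",
    "negative": b"POST /" + b"A" * 4096 + b" HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: -1\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, verdict(inspect_request(request)))
```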
Affected Products
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.0
- Computer_associates arcserve_backup_for_laptops_and_desktops 11.1
- Computer_associates brightstor_arcserve_backup 11.1.0
- Computer_associates brightstor_arcserve_backup 11.5.0
- Computer_associates brightstor_arcserve_backup 9.01
- Computer_associates brightstor_arcserve_backup_for_windows 11.0.0
- Computer_associates brightstor_enterprise_backup_for_solaris 10.0.0
- Computer_associates brightstor_enterprise_backup_for_solaris 10.5.0
- Computer_associates brightstor_enterprise_backup_for_tru64 10.5.0
- Computer_associates brightstor_enterprise_backup_for_windows_64_bit 10.5.0
- Computer_associates brightstor_portal 11.1.0
- Computer_associates brightstor_process_automation_manager 11.1.0
- Computer_associates brightstor_san_manager 11.1.0
- Computer_associates brightstor_san_manager 11.5.0
- Computer_associates brightstor_srm 11.1.0
- Computer_associates brightstor_srm 11.5.0
- Computer_associates brightstor_srm 6.3.0
- Computer_associates brightstor_srm 6.4.0
- Computer_associates etrust_admin 8.1.0
- Computer_associates etrust_audit_aries 1.5.0 SP2
- Computer_associates etrust_audit_aries 1.5.0 SP3
- Computer_associates etrust_audit_aries 8.0.0
- Computer_associates etrust_audit_irecorders 1.5.0 SP2
- Computer_associates etrust_audit_irecorders 1.5.0 SP3
- Computer_associates etrust_audit_irecorders 8.0.0
- Computer_associates etrust_directory 8.1
- Computer_associates etrust_identity_minder 8.0.0
- Computer_associates etrust_integrated_threat_management 8.0.0
- Computer_associates etrust_secure_content_manager 8.0.0
- Computer_associates unicenter_application_performance_monitor 11.0.0
- Computer_associates unicenter_application_server_managment 11.0.0
- Computer_associates unicenter_asset_portfolio_management 11.0.0
- Computer_associates unicenter_autosys_jm 11.0.0
- Computer_associates unicenter_ca_web_services_distributed_management 11.0.0
- Computer_associates unicenter_exchange_management 11.0.0
- Computer_associates unicenter_management_for_weblogic 11.0.0
- Computer_associates unicenter_management_for_websphere 11.0.0
- Computer_associates unicenter_mq_management 11.0.0
- Computer_associates unicenter_service_catalog/fulfillment/accounting 11.0.0
- Computer_associates unicenter_service_delivery 11.0.0
- Computer_associates unicenter_service_desk 11.0.0
- Computer_associates unicenter_service_desk_knowledge_tools 11.0.0
- Computer_associates unicenter_service_fulfillment 11.0.0
- Computer_associates unicenter_service_fulfillment 2.2.0
- Computer_associates unicenter_service_level_management 11.0.0
- Computer_associates unicenter_service_matrix_analysis 11.0.0
- Computer_associates unicenter_web_server_management 11.0.0