Short Name |
APP:CA:LIC-GETCONFIG-OF2 |
---|---|
Severity |
Critical |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Computer Associates License Software GETCONFIG Buffer Overflow 2 |
Release Date |
2005/07/20 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vsrx-12.1+ |
This signature detects attempts to exploit a known vulnerability in Computer Associates License Software. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the user.
Computer Associates License client and server applications are reported prone to multiple vulnerabilities. These issues include various buffer overflow vulnerabilities in the client and server and a directory traversal vulnerability in the client. A remote attacker may execute arbitrary code and place files in arbitrary locations on a vulnerable computer. It should be noted that the affected application runs with SYSTEM privileges on Microsoft Windows Platforms and superuser privileges on UNIX platforms; this will allow for a complete compromise of the affected computer. **Update: Additional vulnerabilities are reported to affect the 'LIC98RMT.EXE' component of the Computer Associates License application. Computer Associates License application versions 1.53 to 1.61.8 on all supported platforms are affected by these vulnerabilities.