what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

caid-33485.txt

caid-33485.txt
Posted Oct 21, 2005
Authored by Ken Williams | Site ca.com

The Computer Associates iGateway common component, which is included with several CA products for UNIX/Linux/Windows platforms, contains a buffer overflow vulnerability that could allow remote attackers to execute arbitrary code on Windows platforms, or cause iGateway component failure (denial of service) on UNIX and Linux. The vulnerability is due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, windows, unix
SHA-256 | 74bd732e56cce6be5894ef060731af97fd2aa0bfc7f55e97f70154c829339733

caid-33485.txt

Change Mirror Download
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Computer Associates iGateway debug mode HTTP GET request
buffer overflow vulnerability

CA Vulnerability ID: 33485

Discovery Date: 2005-10-06

CA Advisory Date: 2005-10-14

Discovered By: EMendoza


Impact: Remote attacker can execute arbitrary code with SYSTEM
privileges.


Summary: The Computer Associates iGateway common component, which
is included with several CA products for UNIX/Linux/Windows
platforms, contains a buffer overflow vulnerability that could
allow remote attackers to execute arbitrary code on Windows
platforms, or cause iGateway component failure (denial of
service) on UNIX and Linux. The vulnerability is due to improper
bounds checking on HTTP GET requests by the iGateway component
when debug mode is enabled.


Mitigating Factors: The potential for exploitation of this
vulnerability is very low for the following reasons.

1) A non-standard install of the iGateway component is required
to expose this vulnerability. Typically, the embedded iGateway
component is part of a non-interactive installation process.
Consequently, most systems (those that utilize the default
installation procedure) are not at risk.

2) If a non-standard install WAS performed, the iGateway
component is still unlikely to be vulnerable to this exploit,
because the flaw is only exposed if the component has been
manually configured to run with diagnostic debug tracing enabled.
Configuring the component to run in debug mode requires
administrative access to configuration files that reside on the
machine, and also requires that the iGateway service be stopped
and restarted by someone with administrative service privileges.
Configuring the iGateway service to operate in debug mode is
typically performed only at the direction of Computer Associates
support personnel who are working with a customer to troubleshoot
potential support issues.


Severity: Computer Associates has given this vulnerability a
Medium risk rating.


Affected Technologies: Please note that the iGateway component is
not a product, but rather a component that is included with
multiple products. The iGateway component is included in the
following Computer Associates products, which are consequently
potentially vulnerable. Note that iGateway component versions
less than 4.0.050615 are vulnerable to this issue.

Business Services Optimization (BSO) Products:
Advantage Data Transformer (ADT) R2.2
Harvest Change Manager R7.1

BrightStor Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Backup Laptop & Desktop r11.1
BrightStor ARCserve Backup Laptop & Desktop r11
BrightStor Process Automation Manager r11.1
BrightStor SAN Manager r11.1
BrightStor SAN Manager r11.5
BrightStor Storage Resource Manager r11.5
BrightStor Storage Resource Manager r11.1
BrightStor Storage Resource Manager 6.4
BrightStor Storage Resource Manager 6.3
BrightStor Portal 11.1

Note to BrightStor Storage Resource Manager and BrightStor Portal
users: In addition to the application servers where these
products are installed, all hosts that have iSponsors deployed to
them for managing applications like Veritas Volume Manager and
Tivoli TSM are also affected by this vulnerability.

eTrust Products:
eTrust Audit 1.5 SP2 (iRecorders and ARIES)
eTrust Audit 1.5 SP3 (iRecorders and ARIES)
eTrust Audit 8.0 (iRecorders and ARIES)
eTrust Admin 8.0
eTrust Admin 8.1
eTrust Identity Minder 8.0
eTrust Secure Content Manager (SCM) R8
eTrust Web Service Security R8
eTrust Integrated Threat Management (ITM) R8

Unicenter Products:
Unicenter CA Web Services Distributed Management R11
Unicenter AutoSys JM R11
Unicenter Management for WebLogic / Management for WebSphere R11
Unicenter Service Delivery R11
Unicenter Service Level Management (USLM) R11
Unicenter Application Performance Monitor R11
Unicenter Service Desk R11
Unicenter Service Desk Knowledge Tools R11
Unicenter Service Fulfillment 2.2
Unicenter Service Fulfillment R11
Unicenter Asset Portfolio Management R11
Unicenter Service Matrix Analysis R11
Unicenter Service Catalog/Fulfillment/Accounting R11
Unicetner MQ Management R11
Unicenter Application Server Managmenr R11
Unicenter Web Server Management R11
Unicenter Exchange Management R11


Status and Recommendation:
As an immediate and completely effective remediation solution,
simply do not operate the iGateway component in debug diagnostic
trace mode. To ensure that you are not running iGateway in debug
mode, look for the "Debug" parameter in your igateway.conf file,
and make sure that it is set to "False"
(i.e. <Debug>False</Debug>).

We have developed iGateway updates to completely address this
vulnerability. After our QA process is completed, the updates
will be posted to our SupportConnect web site
(http://supportconnect.ca.com). Step-by-step instructions to
determine a) if customers are vulnerable, and b) how to remediate
the issue, will be posted to http://supportconnect.ca.com site as
well.


Determining your version of iGateway:
To determine the version number of the iGateway component, browse
to the igateway directory and check the version listed in the
igateway.conf file.

On windows, this is %IGW_LOC%
Default path for v3.*: C:\Program Files\CA\igateway
Default path for v4.*: C:\Program
Files\CA\SharedComponents\iTechnology

On unix,
Default path for v3.*: /opt/CA/igateway
Default path for v4.*: the install directory path is contained
in opt/CA/SharedComponents/iTechnology location. The default
path is /opt/CA/SharedComponents/iTechnology.

Look at the <Version> element in igateway.conf.

The versions are affected by this vulnerability if you see a
value LESS THAN the following:
<Version>4.0.050615</Version> (note the format of v.s.YYMMDD)


References:
CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485

CVE Reference: CAN-2005-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3190

OSVDB Reference: OSVDB ID 19920
http://www.osvdb.org/displayvuln.php?osvdb_id=19920


Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Respectfully,

Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985


Computer Associates International, Inc. (CA).
One Computer Associates Plaza. Islandia, NY 11749

Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ0/F4nklkd/ilBmFEQJD3wCfX9NgAlRJFZ5tY25X2JjgzkBNGZkAoJNk
Ye/d+Plo0fMUDSkKRugtLISZ
=TkXF
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    11 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close