
[NEWS] Computer Associates iGateway Debug Mode Buffer Overflow

Subject: [NEWS] Computer Associates iGateway Debug Mode Buffer Overflow
Date: 6 Nov 2005 15:06:15 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  Computer Associates iGateway Debug Mode Buffer Overflow
------------------------------------------------------------------------


SUMMARY

Computer Associates iGateway contains a buffer overflow vulnerability that 
allows remote attackers to execute arbitrary code.

DETAILS

Vulnerable Systems:
 * iGateway component versions 4.0.050615 and prior
 * BrightStor ARCserve Backup version r11.5
 * BrightStor ARCserve Backup version r11.1
 * BrightStor ARCserve Backup for Windows version r11
 * BrightStor Enterprise Backup version 10.5
 * BrightStor ARCserve Backup version 9.01
 * BrightStor ARCserve Backup Laptop & Desktop version r11.1
 * BrightStor ARCserve Backup Laptop & Desktop version r11
 * BrightStor Process Automation Manager version r11.1
 * BrightStor SAN Manager version r11.1
 * BrightStor SAN Manager version r11.5
 * BrightStor Storage Resource Manager version r11.5
 * BrightStor Storage Resource Manager version r11.1
 * BrightStor Storage Resource Manager version 6.4
 * BrightStor Storage Resource Manager version 6.3
 * BrightStor Portal version 11.1
 * eTrust Audit version 1.5 SP2 (iRecorders and ARIES)
 * eTrust Audit version 1.5 SP3 (iRecorders and ARIES)
 * eTrust Audit version 8.0 (iRecorders and ARIES)
 * eTrust Admin version 8.0
 * eTrust Admin version 8.1
 * eTrust Identity Minder version 8.0
 * eTrust Secure Content Manager (SCM) version R8
 * eTrust Web Service Security version R8
 * eTrust Integrated Threat Management (ITM) version R8
 * Unicenter CA Web Services Distributed Management version R11
 * Unicenter AutoSys JM version R11
 * Unicenter Management for WebLogic / Management for WebSphere version R11
 * Unicenter Service Delivery version R11
 * Unicenter Service Level Management (USLM) version R11
 * Unicenter Application Performance Monitor version R11
 * Unicenter Service Desk version R11
 * Unicenter Service Desk Knowledge Tools version R11
 * Unicenter Service Fulfillment version 2.2
 * Unicenter Service Fulfillment version R11
 * Unicenter Asset Portfolio Management version R11
 * Unicenter Service Matrix Analysis version R11
 * Unicenter Service Catalog/Fulfillment/Accounting version R11
 * Unicenter MQ Management version R11
 * Unicenter Application Server Management version R11
 * Unicenter Web Server Management version R11
 * Unicenter Exchange Management version R11

The Computer Associates iGateway common component, which is included with 
several CA products for UNIX/Linux/Windows platforms, contains a buffer 
overflow vulnerability that could allow remote attackers to execute 
arbitrary code on Windows platforms, or cause iGateway component failure 
(denial of service) on UNIX and Linux.  The vulnerability is due to 
improper bounds checking on HTTP GET requests by the iGateway component 
when debug mode is enabled.

A non-standard install of the iGateway component is required to expose 
this vulnerability.  Typically, the embedded iGateway component is part of 
a non-interactive installation process.
Consequently, most systems (those that utilize the default installation 
procedure) are not at risk.

If a non-standard install WAS performed, the iGateway component is still 
unlikely to be vulnerable to this exploit, because the flaw is only 
exposed if the component has been manually configured to run with 
diagnostic debug tracing enabled.

Configuring the component to run in debug mode requires administrative 
access to configuration files that reside on the machine, and also 
requires that the iGateway service be stopped and restarted by someone 
with administrative service privileges.

Configuring the iGateway service to operate in debug mode is typically 
performed only at the direction of Computer Associates support personnel 
who are working with a customer to troubleshoot potential support issues.

Workaround:
Do not operate the iGateway component in debug diagnostic trace mode. To 
ensure that you are not running iGateway in debug mode, look for the 
"Debug" parameter in your igateway.conf file, and make sure that it is set 
to "False" (i.e. <Debug>False</Debug>).

To determine the version number of the iGateway component, browse to the 
igateway directory and check the version listed in the igateway.conf file.

On Windows, this is %IGW_LOC%
Default path for v3.*: C:\Program Files\CA\igateway
Default path for v4.*: C:\Program Files\CA\SharedComponents\iTechnology

On UNIX,
Default path for v3.*:  /opt/CA/igateway
Default path for v4.*:  the install directory path is contained in 
opt/CA/SharedComponents/iTechnology location.  The default path is 
/opt/CA/SharedComponents/iTechnology.

Look at the <Version> element in igateway.conf.

The versions are affected by this vulnerability if you see a value LESS 
THAN the following:
<Version>4.0.050615</Version>  (note the format of v.s.YYMMDD)
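
The two checks above (the Debug setting and the Version comparison) can be scripted as follows. This is an added example, not part of the CA advisory; the sample file content is constructed, and only the <Version> and <Debug> element names and the 4.0.050615 threshold come from the text.

```python
import re
import sys

# Threshold from the advisory's version check (affected if LESS THAN this).
FIXED_VERSION = (4, 0, 50615)  # 4.0.050615 in v.s.YYMMDD form

def _element(text, name):
    """Return the text of the first <name>...</name> element, or None if absent."""
    m = re.search(r"<{0}>\s*([^<]*?)\s*</{0}>".format(name), text, re.IGNORECASE)
    return m.group(1) if m else None

def parse_version(value):
    """Turn 'v.s.YYMMDD' into a tuple of ints so versions compare numerically."""
    parts = value.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError("unexpected version format: %r" % value)
    return tuple(int(p) for p in parts)

def assess(conf_text):
    """Apply the advisory's two checks to the text of an igateway.conf file."""
    version = _element(conf_text, "Version")
    debug = _element(conf_text, "Debug")
    affected = None if version is None else parse_version(version) < FIXED_VERSION
    # Anything other than "False" counts as debug on; an absent element is
    # reported as unknown (None) rather than guessed.
    debug_on = None if debug is None else debug.lower() != "false"
    if affected is None or debug_on is None:
        verdict = "review"    # a required element is missing, check by hand
    elif affected and debug_on:
        verdict = "exposed"   # affected version running with debug tracing
    elif affected:
        verdict = "upgrade"   # affected version, debug tracing off
    else:
        verdict = "ok"
    return {"version": version, "affected": affected,
            "debug": debug_on, "verdict": verdict}

# Constructed sample: the wrapper element is hypothetical, not CA's real layout.
SAMPLE = """<iGatewayConfig>
  <Version>4.0.050101</Version>
  <Debug>True</Debug>
</iGatewayConfig>"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(assess(text))
```

Run it with the path to igateway.conf as the only argument; without an argument it evaluates the constructed sample.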

Vendor Status:
The vendor has issued a fix for the issue, available at:
http://supportconnect.ca.com

CVE Information:
CAN-2005-3190: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3190

OSVDB Information:
http://www.osvdb.org/displayvuln.php?osvdb_id=19920


ADDITIONAL INFORMATION

The information has been provided by Williams, James K. <James.Williams@ca.com>.
The original article can be found at:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485


