Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security NTBugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

License Patches Are Now Available To Address Buffer Overflows

from [Williams, James K] Network Security [Permanent Link]
Subject: License Patches Are Now Available To Address Buffer Overflows
Date: Wed, 2 Mar 2005 10:40:26 -0500 

CA License Security Notice

Attention CA Customers:
License Patches Are Now Available To Address Buffer Overflows

Working closely with eEye Digital Security and iDEFENSE, the 
CA Technical Support team has resolved multiple vulnerability
issues recently discovered in the CA License software. Both 
eEye and iDEFENSE have confirmed that these vulnerabilities 
have been properly addressed. CA has made patches available 
to any affected license users. 

Buffer overflow conditions can potentially allow arbitrary 
code to be executed remotely with local SYSTEM privileges. 
This affects versions of the CA License software v1.53 
through v1.61.8 on the specified platforms. Customers with 
these vulnerable versions should upgrade to CA License 1.61.9
or higher. CA License patches that address these issues can 
be downloaded from the link below.

http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp#alp 

CA strongly recommends the application of the appropriate CA
License patch. 

Affected products: 

The vulnerability exists if the CA License package version 
on the system is between v1.53 and v1.61.8. 

Affected platforms: 

AIX, DEC, HP-UX, Linux Intel, Linux s/390, Solaris, Windows 
and Apple Mac. 

Determining CA License versions: 

1. Obtain the CA License package version: 

Windows: The CA license package version can be obtained by 
checking the file version of lic98version.exe.  Right click 
on lic98version.exe, choose Properties, and then select the 
Version tab. 

Unix/Linux/Mac: Run lic98version from a command prompt to 
print out the version number and/or write it to 
lic98version.log. 

OR 

2. Obtain the version of the vulnerable file: 

If the lic98version file does not exist on the system (which 
may be the case with older versions of the license package), 
check the version of the affected file itself: 

Windows: Obtain the version of lic98rmt.exe by right-clicking 
on the file, choosing Properties, and then selecting the 
Version tab. The vulnerability exists if the version is 
between 0.1.0.15 and 1.4.6. 

Unix/Linux/Mac - Run strings licrmt | grep BUILD from a 
Command prompt.  The following string format will be returned: 
"LICAGENT BUILD INFO = /x.x.x/Apr 16 2003/17:13:35", Where 
x.x.x is the file version.  The vulnerability exists if this 
file version is between v1.0.15 thru v1.4.6. 

Note the following default license install directories: 
Windows: C:\CA_LIC or C:\Program Files\CA\SharedComponents\CA_LIC 
Unix/Linux/Mac: /opt/CA/ca_lic or /opt/CA/SharedComponents/ca_lic

Should you require additional information, please contact
CA Technical Support at http://supportconnect.ca.com.

Select Language for translations of this advisory:
English: http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp
Deutsch: http://www.ca.com/de/support/security_notice.htm
FranÃais: http://www.ca.com/france/notification_securite.htm
EspaÃol: http://www.ca.com/es/local/security_notice.htm
Japanese (ææè): 
http://www.casupport.jp/resources/info/050301security_notice.htm
Chinese (äæ): 
http://www.ca.com.cn/press/releases/2005/03/security_notice.htm
Italiano: http://www.ca.com/it/security_notice.htm/
PortuguÃs: http://www.ca.com/br/security_notice.htm

Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
        
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
 2005 Computer Associates International, Inc. 
All rights reserved     

--
kw

Ken Williams ; Vulnerability Research
Computer Associates ; james.williams@ca.com
A9F9 44A6 B421 FF7D 4000 E6A9 7925 91DF E294 1985
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • License Patches Are Now Available To Address Buffer Overflows, Williams, James K <=
Next by Date:  EEYE: Computer Associates License Manager Remote Vulnerabilities, Karl Lynn
Next by Thread:  EEYE: Computer Associates License Manager Remote Vulnerabilities, Karl Lynn
Indexes:  [Date] [Thread] [Top] [All Lists]