Vulnerability CVE-2005-3653


Published: 2005-12-31   Modified: 2012-02-12

Description:
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

See advisories in our WLB2 database:
Topic: CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1] (High)
Author: Erika Mendoza
Date: 28.01.2006

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
CA -> Unicenter application performance monitor 
CA -> Brightstor arcserve backup 
CA -> Unicenter application server management
CA -> Brightstor arcserve backup laptops desktops 
CA -> Unicenter asset portfolio management 
CA -> Brightstor enterprise backup 
CA -> Unicenter autosys jm 
CA -> Brightstor portal 
CA -> Unicenter ca web services distributed management 
CA -> Brightstor process automation manager 
CA -> Unicenter exchange management console 
CA -> Brightstor san manager 
CA -> Unicenter management 
CA -> Brightstor storage resource manager 
CA -> Unicenter service catalog fulfillment accounting 
CA -> Etrust admin 
CA -> Unicenter service delivery 
CA -> Etrust audit aries 
CA -> Unicenter service desk 
CA -> Etrust audit irecorder 
CA -> Unicenter service desk knowledge tools 
CA -> Etrust directory 
CA -> Unicenter service fulfillment 
CA -> Etrust identity minder 
CA -> Unicenter service level management 
CA -> Etrust integrated threat management 
CA -> Unicenter service metric analysis 
CA -> Etrust secure content manager 
CA -> Unicenter web server management 
CA -> Itechnology igateway 
CA -> Unicenter web services distributed management 

 References:
http://marc.info/?l=full-disclosure&m=113803349715927&w=2
http://securityreason.com/securityalert/380
http://securitytracker.com/id?1015526
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
http://www.securityfocus.com/archive/1/423288/100/0/threaded
http://www.securityfocus.com/archive/1/423403/100/0/threaded
http://www.securityfocus.com/bid/16354
http://www.vupen.com/english/advisories/2006/0311
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
https://exchange.xforce.ibmcloud.com/vulnerabilities/24269

Copyright 2021, cxsecurity.com

 
