CA iGateway Debug Mode HTTP GET Request Buffer Overflow - Secunia Advisories - Vulnerability Information

Vulnerability Information

Vulnerability Scanning

Community

Blog

Corporate Information

Home > Vulnerability Information > Secunia Advisories > CA iGateway Debug Mode HTTP GET Request Buffer Overflow

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

CA iGateway Debug Mode HTTP GET Request Buffer Overflow

Secunia Advisory:

SA17085

Advisory Toolbox:

Issue ticket

Save in to-do list

Mark as handled

Exploit information

Download as PDF

Review actions

Add comment

Release Date:

2005-10-11

Last Update:

2005-10-19

Popularity:

10,238 views

Critical:

Moderately critical

Impact:

System access

Where:

From remote

Solution Status:

Vendor Patch

Software:

BrightStor ARCserve Backup 11.x
BrightStor ARCserve Backup 11.x (for Windows)
BrightStor ARCserve Backup 9.x
BrightStor Enterprise Backup 10.x
BrightStor Process Automation Manager 11.x
BrightStor Storage Resource Manager 11.x
BrightStor Storage Resource Manager 6.x
CA Advantage Data Transformer 2.x
CA AllFusion Harvest Change Manager 7.x
CA ARCserve Backup for Laptops & Desktops 11.x
CA BrightStor Portal 11.x
CA BrightStor SAN Manager 11.x
CA eTrust Admin 8.x
CA eTrust Audit 1.x
CA eTrust Audit 8.x
CA eTrust Identity Minder 8.x
CA Unicenter Service Fulfillment 2.x
eTrust Secure Content Manager (SCM)

Secunia CVSS-2 Score:

Available in Secunia business solutions

Subscribe:

Instant alerts on relevant vulnerabilities

Advisory Content (Page 1 of 3)

[ 1 ] [ 2 ] [ 3 ]

Secunia is hiring, read about the open positions here!

Description:
Erika Mendoza has reported a vulnerability in CA iGateway, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error when parsing HTTP GET requests. This can be exploited to cause a buffer overflow and allows arbitrary code execution.

Successful exploitation requires that debug mode is enabled.

The vulnerability has been reported in versions of iGateway prior to 4.0.050615, which is included with the following products:
* Advantage Data Transformer (ADT) R2.2
* Harvest Change Manager R7.1
* BrightStor ARCserve Backup r11.5
* BrightStor ARCserve Backup r11.1
* BrightStor ARCserve Backup for Windows r11
* BrightStor Enterprise Backup 10.5
* BrightStor ARCserve Backup v9.01
* BrightStor ARCserve Backup Laptop & Desktop r11.1
* BrightStor ARCserve Backup Laptop & Desktop r11
* BrightStor Process Automation Manager r11.1
* BrightStor SAN Manager r11.1
* BrightStor SAN Manager r11.5
* BrightStor Storage Resource Manager r11.5
* BrightStor Storage Resource Manager r11.1
* BrightStor Storage Resource Manager 6.4
* BrightStor Storage Resource Manager 6.3
* BrightStor Portal 11.1
* eTrust Audit 1.5 SP2 (iRecorders and ARIES)
* eTrust Audit 1.5 SP3 (iRecorders and ARIES)
* eTrust Audit 8.0 (iRecorders and ARIES)
* eTrust Admin 8.0
* eTrust Admin 8.1
* eTrust Identity Minder 8.0
* eTrust Secure Content Manager (SCM) R8
* eTrust Web Service Security R8
* eTrust Integrated Threat Management (ITM) R8
* Unicenter CA Web Services Distributed Management R11
* Unicenter AutoSys JM R11
* Unicenter Management for WebLogic / Management for WebSphere R11
* Unicenter Service Delivery R11
* Unicenter Service Level Management (USLM) R11
* Unicenter Application Performance Monitor R11
* Unicenter Service Desk R11
* Unicenter Service Desk Knowledge Tools R11
* Unicenter Service Fulfillment 2.2
* Unicenter Service Fulfillment R11
* Unicenter Asset Portfolio Management R11
* Unicenter Service Matrix Analysis R11
* Unicenter Service Catalog/Fulfillment/Accounting R11
* Unicenter MQ Management R11
* Unicenter Application Server Management R11
* Unicenter Web Server Management R11
* Unicenter Exchange Management R11

For BrightStor Storage Resource Manager and BrightStor Portal users, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability.

Note: Exploit code for this vulnerability is publicly available.

Change Page:
[ 1 ] [ 2 ] [ 3 ]

Track this Secunia Advisory

Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

6th Nov, 2009

New advisories:	17
New vulnerabilities:	65
Updated advisories:	21

Less // 374 views

Debian update for linux-2.6.24

Less // 361 views

Debian update for linux-2.6

Moderately // 336 views

Gentoo update for horde

Moderately // 364 views

Portili Products Multiple Vulnerabilities

Less // 348 views

Fedora update for kernel

Less // 337 views

Fedora update for kernel

Moderately // 340 views

Ubuntu update for libgd2

Moderately // 356 views

Ubuntu update for libgd2

Highly // 357 views

Fedora update for alienarena-data

Less // 504 views

GnuTLS TLS Session Renegotiation Plaintext Injection Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.