Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious users to gain escalated privileges and by malicious people to compromise a vulnerable system.
1) A boundary error within the inoweb service when processing Console Server login credentials can be exploited to cause a stack-based buffer overflow via sending a specially crafted packet with overly long username and password fields to port 12168/TCP.
Successful exploitation allows execution of arbitrary code but requires an installation on the x86 platform with the Console Server installed.
The vulnerability affects the following products:
* CA Anti-Virus for the Enterprise r8
* CA Threat Manager r8
* CA Anti-Spyware r8
* CA Protection Suites r3
2) The problem is that the Task Service component (InoTask.exe) uses a shared file mapping with a NULL security descriptor. This can be exploited by malicious users to cause a stack-based buffer overflow within InoCore.dll by modifying a certain string within the file mapping.
Successful exploitation allows execution of arbitrary code with SYSTEM privileges.
The vulnerability affects the following products:
* CA Anti-Virus for the Enterprise r8
* CA Threat Manager r8
Solution: Patches are available via automatic updates.
Provided and/or discovered by: 1) Discovered by Tenable Network Security and reported via ZDI.
2) Discovered by binagres and reported via iDefense Labs.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
