Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Multiply Vulnerabilities With Computer Associates
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 03-06-2005, 08:12 PM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,587
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
The Computer Associates License Client/Server applications provide a method for CA products to register their licenses on the network.

The CA Licence client/server contains multiply vulnerabilities.


Vulnerable Systems:
* CA License software v1.53 through v1.61.8.

The vulnerability specifically exists because of insufficient bounds checking on user-supplied values in requests with an invalid format.
When a packet containing an overly long string which is not a valid command is received, the server uses that string to generate a log message without checking if the buffer that the message is being stored in is large enough. By sending a string over 2100 bytes long, it is
possible to overwrite the saved instruction pointer, allowing execution of arbitrary code.

Patches are available from CA to meet this vulnerability at the link below:
http://supportconnectw.ca.com/public/ca_co...rity_notice.asp
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump

    Similar Threads
    Thread Thread Starter Forum Replies Last Post
    Multiple Vulnerabilities in Mozilla Firefox, Netscape Mobo Security Alerts and vulnerabilities 0 09-23-2005 09:56 PM
    Computer Infested With Tons Of Spyware ScionStatic Spyware / Virus Removal 3 07-23-2005 09:03 PM
    Trojandownloader And Unremovable Files- Woes Me ibrbrt Spyware / Virus Removal 9 06-18-2005 12:28 PM
    Computer Associates eTrust Intrusion Detection Mobo Security Alerts and vulnerabilities 0 04-07-2005 10:33 PM
    E-trust ( Computer Associates) Mobo Software Update Alerts 0 11-16-2004 09:33 PM



    All times are GMT -5. The time now is 02:00 PM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2