var-200512-0273
Vulnerability from variot

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. Products containing iGateway 4.0.051230 are vulnerable to this issue.

iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology's processing of HTTP request headers. The iGateway service listens for standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-Length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, the supplied URI is copied into the allocated buffer with memcpy(), which overflows the buffer and overwrites the heap.
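The bug class described above, as an added C example that is not iGateway code and not part of the advisory: the signed-to-size conversion behind the flaw, beside a strict Content-Length parser and a URI copy whose buffer is sized from the URI itself. All function names, both size limits and the sample header values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY_LEN 1048576u /* assumed policy limit (1 MiB) */
#define MAX_URI_LEN  8192u    /* assumed policy limit */

/* Pattern the advisory describes: a signed parse whose result is used
 * directly as an allocation size. Returns the size that would be
 * requested; it does not allocate anything. */
size_t naive_alloc_size(const char *value)
{
    int len = atoi(value);   /* "-1" parses to -1 */
    return (size_t)len;      /* -1 converts to SIZE_MAX */
}

/* Strict parser: decimal digits only, optional surrounding blanks, and a
 * hard upper bound. Returns 0 and stores the length in *out, or -1. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    size_t n = 0;

    while (*p == ' ' || *p == '\t') p++;
    if (*p < '0' || *p > '9') return -1;            /* "-", "+", empty */
    for (; *p >= '0' && *p <= '9'; p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (MAX_BODY_LEN - d) / 10) return -1; /* would pass the limit */
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t') p++;
    if (*p != '\0') return -1;                      /* junk such as "10abc" */
    *out = n;
    return 0;
}

/* Copy the URI into a buffer sized from the URI's own length, so the
 * copy length and the allocation size can never disagree. */
char *copy_uri(const char *uri, size_t uri_len)
{
    char *buf;

    if (uri_len > MAX_URI_LEN) return NULL;
    buf = malloc(uri_len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, uri, uri_len);
    buf[uri_len] = '\0';
    return buf;
}

/* Returns the HTTP status a hardened front end would answer with. */
int check_request(const char *content_length, const char *uri)
{
    size_t body_len;
    size_t uri_len = strlen(uri);
    char *copy;

    if (parse_content_length(content_length, &body_len) != 0) return 400;
    if (uri_len > MAX_URI_LEN) return 414;
    copy = copy_uri(uri, uri_len);
    if (copy == NULL) return 500;
    free(copy);
    return 200;
}

int main(void)
{
    /* Constructed sample Content-Length values. */
    const char *samples[] = { "0", "512", "-1", "+5", "10abc",
                              "99999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("Content-Length: %-22s -> HTTP %d\n",
               samples[i], check_request(samples[i], "/index"));
    return 0;
}
```

Rejecting the header before any allocation, and never letting a client-supplied length decide the size of a buffer that receives other data, removes both halves of the condition the advisory describes.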

TITLE: CA Products iGateway Service Content-Length Buffer Overflow

SECUNIA ADVISORY ID: SA18591

VERIFY ADVISORY: http://secunia.com/advisories/18591/

CRITICAL: Moderately critical

IMPACT: System access

WHERE:

From local network

SOFTWARE:

BrightStor ARCserve Backup 11.x: http://secunia.com/product/312/
BrightStor ARCserve Backup 11.x (for Windows): http://secunia.com/product/3099/
BrightStor ARCserve Backup 9.x: http://secunia.com/product/313/
BrightStor ARCserve Backup for Laptops & Desktops 11.x: http://secunia.com/product/5906/
BrightStor Enterprise Backup 10.x: http://secunia.com/product/314/
BrightStor Process Automation Manager 11.x: http://secunia.com/product/5908/
BrightStor Storage Resource Manager 11.x: http://secunia.com/product/5909/
BrightStor Storage Resource Manager 6.x: http://secunia.com/product/5910/
CA Advantage Data Transformer 2.x: http://secunia.com/product/5904/
CA AllFusion Harvest Change Manager 7.x: http://secunia.com/product/5905/
CA BrightStor Portal 11.x: http://secunia.com/product/5577/
CA BrightStor SAN Manager 11.x: http://secunia.com/product/5576/
CA eTrust Admin 8.x: http://secunia.com/product/5584/
CA eTrust Audit 1.x: http://secunia.com/product/5911/
CA eTrust Audit 8.x: http://secunia.com/product/5912/
CA eTrust Identity Minder 8.x: http://secunia.com/product/5913/
CA Unicenter Service Fulfillment 2.x: http://secunia.com/product/5942/
eTrust Secure Content Manager (SCM): http://secunia.com/product/3391/

DESCRIPTION: Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the handling of HTTP data in the iGateway component.

SOLUTION: Update the iGateway component to version 4.0.051230 or later. ftp://ftp.ca.com/pub/iTech/downloads/

PROVIDED AND/OR DISCOVERED BY: Erika Mendoza

ORIGINAL ADVISORY: Computer Associates: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376


Please see below for important changes to CAID 33778 (aka CVE-2005-3653; OSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). Changelog is near end of advisory.

Regards, Ken Williams

Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]

CA Vulnerability ID: 33778

CA Advisory Date: 2006-01-23
Updated Advisory [v1.1]: 2006-01-26

Discovered By: Erika Mendoza reported this issue to iDefense.

Mitigating Factors: None.

Severity: CA has given this vulnerability a Medium risk rating.

Affected Technologies: Please note that the iGateway component is not a product, but rather a common component that is included with multiple products. The iGateway component is included in the following CA products, which are consequently potentially vulnerable.

Affected Products:

BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Backup Laptop & Desktop r11.1
BrightStor ARCserve Backup Laptop & Desktop r11
BrightStor Process Automation Manager r11.1
BrightStor SAN Manager r11.1
BrightStor SAN Manager r11.5
BrightStor Storage Resource Manager r11.5
BrightStor Storage Resource Manager r11.1
BrightStor Storage Resource Manager 6.4
BrightStor Storage Resource Manager 6.3
BrightStor Portal 11.1

Note to BrightStor Storage Resource Manager and BrightStor Portal users: In addition to the application servers where these products are installed, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability.

eTrust Products:

eTrust Audit 1.5 SP2 (iRecorders and ARIES)
eTrust Audit 1.5 SP3 (iRecorders and ARIES)
eTrust Audit 8.0 (iRecorders and ARIES)
eTrust Admin 8.1
eTrust Identity Minder 8.0
eTrust Secure Content Manager (SCM) R8
eTrust Integrated Threat Management (ITM) R8
eTrust Directory, R8.1 (Web Components Only)

Unicenter Products:

Unicenter CA Web Services Distributed Management R11
Unicenter AutoSys JM R11
Unicenter Management for WebLogic / Management for WebSphere R11
Unicenter Service Delivery R11
Unicenter Service Level Management (USLM) R11
Unicenter Application Performance Monitor R11
Unicenter Service Desk R11
Unicenter Service Desk Knowledge Tools R11
Unicenter Asset Portfolio Management R11
Unicenter Service Metric Analysis R11
Unicenter Service Catalog/Assure/Accounting R11
Unicenter MQ Management R11
Unicenter Application Server Management R11
Unicenter Web Server Management R11
Unicenter Exchange Management R11

Affected platforms: AIX, HP-UX, Linux Intel, Solaris, and Windows

Status and Recommendation: Customers with vulnerable versions of the iGateway component should upgrade to the current version of iGateway (4.0.051230 or later), which is available for download from the following locations:

http://supportconnect.ca.com/
ftp://ftp.ca.com/pub/iTech/downloads/

Determining the version of iGateway: To determine the version numbers of the iGateway components:

Go to the igateway directory:

On Windows, this is %IGW_LOC%
Default path for v3.: C:\Program Files\CA\igateway
Default path for v4.: C:\Program Files\CA\SharedComponents\iTechnology

On Unix,
Default path for v3.: /opt/CA/igateway
Default path for v4.: the install directory path is contained in opt/CA/SharedComponents/iTechnology.location. The default path is /opt/CA/SharedComponents/iTechnology

Look at the element in igateway.conf.

The versions are affected by this vulnerability if you see a value LESS THAN the following: 4.0.051230 (note the format of v.s.YYMMDD)

References: (note that URLs may wrap)

CA SupportConnect:
http://supportconnect.ca.com/
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp

CAID: 33778 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

CVE Reference: CVE-2005-3653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653

OSVDB Reference: OSVDB-22688 http://osvdb.org/22688

iDefense Reference: Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376

Changelog:
v1.0 - Initial Release
v1.1 - Removed several unaffected technologies; added more reference links.

Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory, please send email to vuln@ca.com, or contact me directly.

If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx

Regards, Ken Williams ; 0xE2941985 Dir. of CA Vulnerability Research Team

CA, One Computer Associates Plaza. Islandia, NY 11749



{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "unicenter application performance monitor",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust secure content manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11"
      },
      {
        "_id": null,
        "model": "etrust directory",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "8.1_web_components"
      },
      {
        "_id": null,
        "model": "unicenter application server managment",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter web services distributed management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "itechnology igateway",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "4.0.050615"
      },
      {
        "_id": null,
        "model": "etrust audit irecorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "etrust admin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "brightstor san manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "unicenter service catalog fulfillment accounting",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust audit irecorder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "3.5"
      },
      {
        "_id": null,
        "model": "brightstor portal",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service desk",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "brightstor process automation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter asset portfolio management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "etrust identity minder",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor enterprise backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "brightstor san manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "brightstor enterprise backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter autosys jm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service metric analysis",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter web server management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service fulfillment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor storage resource manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "unicenter exchange management console",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust integrated threat management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "etrust audit aries",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter service delivery",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "unicenter service level management",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "unicenter service fulfillment",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "broadcom",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "etrust audit aries",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ca",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "etrust integrated threat management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "etrust identity minder",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "brightstor arcserve backup laptops desktops",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "ca",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter web server management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service matrix analysis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service level management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service fulfillment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "2.2"
      },
      {
        "_id": null,
        "model": "associates unicenter service desk knowledge tools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service desk",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service delivery",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter service catalog/fulfillment/accounting",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter mq management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter management for websphere",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter management for weblogic",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter exchange management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter ca web services distributed management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter autosys jm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter asset portfolio management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter application server managment",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates unicenter application performance monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates etrust secure content manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust integrated threat management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust identity minder",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust directory",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit irecorders sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.0"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust audit aries sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "1.5"
      },
      {
        "_id": null,
        "model": "associates etrust admin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "8.1"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.4"
      },
      {
        "_id": null,
        "model": "associates brightstor srm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6.3"
      },
      {
        "_id": null,
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor san manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor process automation manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for windows bit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "6410.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for tru64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.5"
      },
      {
        "_id": null,
        "model": "associates brightstor enterprise backup for solaris",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.5"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates brightstor arcserve backup",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "9.01"
      },
      {
        "_id": null,
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.1"
      },
      {
        "_id": null,
        "model": "associates arcserve backup for laptops and desktops",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "computer",
        "version": "11.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Erika Mendoza",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2005-3653",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2005-3653",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-14861",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2005-3653",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200512-713",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-14861",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field. \nThe attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service. \nA successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms. \nProducts containing iGateway 4.0.051230 are vulnerable to this issue. iTechnology is an integrated technology that provides standard Web service interfaces for third-party products. There is a heap overflow vulnerability in iTechnology\u0027s processing of HTTP request headers. iGateway service monitors standard HTTP or SSL communication on port 5250. The service does not properly handle negative HTTP Content-Length fields. iGateway parses the Content-length field value of the HTTP request and uses this value directly in the malloc() heap allocation call, so if a negative value is provided, the heap allocation call will return a small buffer. After the malloc() call, memcpy the provided URI to the allocated buffer and overwrite it to the heap. 
\n\nTITLE:\nCA Products iGateway Service Content-Length Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA18591\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/18591/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nBrightStor ARCserve Backup 11.x\nhttp://secunia.com/product/312/\nBrightStor ARCserve Backup 11.x (for Windows)\nhttp://secunia.com/product/3099/\nBrightStor ARCserve Backup 9.x\nhttp://secunia.com/product/313/\nBrightStor ARCserve Backup for Laptops \u0026 Desktops 11.x\nhttp://secunia.com/product/5906/\nBrightStor Enterprise Backup 10.x\nhttp://secunia.com/product/314/\nBrightStor Process Automation Manager 11.x\nhttp://secunia.com/product/5908/\nBrightStor Storage Resource Manager 11.x\nhttp://secunia.com/product/5909/\nBrightStor Storage Resource Manager 6.x\nhttp://secunia.com/product/5910/\nCA Advantage Data Transformer 2.x\nhttp://secunia.com/product/5904/\nCA AllFusion Harvest Change Manager 7.x\nhttp://secunia.com/product/5905/\nCA BrightStor Portal 11.x\nhttp://secunia.com/product/5577/\nCA BrightStor SAN Manager 11.x\nhttp://secunia.com/product/5576/\nCA eTrust Admin 8.x\nhttp://secunia.com/product/5584/\nCA eTrust Audit 1.x\nhttp://secunia.com/product/5911/\nCA eTrust Audit 8.x\nhttp://secunia.com/product/5912/\nCA eTrust Identity Minder 8.x\nhttp://secunia.com/product/5913/\nCA Unicenter Service Fulfillment 2.x\nhttp://secunia.com/product/5942/\neTrust Secure Content Manager (SCM)\nhttp://secunia.com/product/3391/\n\nDESCRIPTION:\nErika Mendoza has reported a vulnerability in various CA products,\nwhich can be exploited by malicious people to compromise a vulnerable\nsystem. \n\nThe vulnerability is caused due to a boundary error in the handling\nof HTTP data in the iGateway component. \n\nSOLUTION:\nUpdate the iGateway component to version 4.0.051230 or later. 
\nftp://ftp.ca.com/pub/iTech/downloads/\n\nPROVIDED AND/OR DISCOVERED BY:\nErika Mendoza\n\nORIGINAL ADVISORY:\nComputer Associates: \nhttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\n\niDEFENSE:\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \nPlease see below for important changes to CAID 33778 (aka CVE-2005-3653;\nOSVDB 22688; X-Force 24269; SecurityTracker Alert ID 1015526). \nChangelog is near end of advisory. \n\nRegards,\nKen Williams\n\n\nTitle: CAID 33778 - CA iGateway Content-Length Buffer Overflow \nVulnerability [v1.1]\n\nCA Vulnerability ID: 33778\n\nCA Advisory Date: 2006-01-23\nUpdated Advisory [v1.1]: 2006-01-26\n\nDiscovered By: Erika Mendoza reported this issue to iDefense. \n\n\nMitigating Factors: None. \n\n\nSeverity: CA has given this vulnerability a Medium risk rating. \n\n\nAffected Technologies: Please note that the iGateway component is\nnot a product, but rather a common component that is included \nwith multiple products.  
The iGateway component is included in \nthe following CA products, which are consequently potentially \nvulnerable. \n\n\nAffected Products:\n\nBrightStor ARCserve Backup r11.5\nBrightStor ARCserve Backup r11.1\nBrightStor ARCserve Backup for Windows r11\nBrightStor Enterprise Backup 10.5\nBrightStor ARCserve Backup v9.01\nBrightStor ARCserve Backup Laptop \u0026 Desktop r11.1\nBrightStor ARCserve Backup Laptop \u0026 Desktop r11\nBrightStor Process Automation Manager r11.1\nBrightStor SAN Manager r11.1\nBrightStor SAN Manager r11.5\nBrightStor Storage Resource Manager r11.5\nBrightStor Storage Resource Manager r11.1\nBrightStor Storage Resource Manager 6.4\nBrightStor Storage Resource Manager 6.3\nBrightStor Portal 11.1\n\nNote to BrightStor Storage Resource Manager and BrightStor Portal\nusers: In addition to the application servers where these products \nare installed, all hosts that have iSponsors deployed to them for \nmanaging applications like Veritas Volume Manager and Tivoli TSM \nare also affected by this vulnerability. 
\n\neTrust Products:\neTrust Audit 1.5 SP2 (iRecorders and ARIES)\neTrust Audit 1.5 SP3 (iRecorders and ARIES)\neTrust Audit 8.0 (iRecorders and ARIES)\neTrust Admin 8.1\neTrust Identity Minder 8.0\neTrust Secure Content Manager (SCM) R8\neTrust Integrated Threat Management (ITM) R8\neTrust Directory, R8.1 (Web Components Only)\n\nUnicenter Products:\nUnicenter CA Web Services Distributed Management R11\nUnicenter AutoSys JM R11\nUnicenter Management for WebLogic / Management for WebSphere R11\nUnicenter Service Delivery R11\nUnicenter Service Level Management (USLM) R11\nUnicenter Application Performance Monitor R11\nUnicenter Service Desk R11\nUnicenter Service Desk Knowledge Tools R11\nUnicenter Asset Portfolio Management R11\nUnicenter Service Metric Analysis R11\nUnicenter Service Catalog/Assure/Accounting R11\nUnicenter MQ Management R11\nUnicenter Application Server Management R11\nUnicenter Web Server Management R11\nUnicenter Exchange Management R11\n\n\nAffected platforms:\nAIX, HP-UX, Linux Intel, Solaris, and Windows\n\n\nStatus and Recommendation: \nCustomers with vulnerable versions of the iGateway component \nshould upgrade to the current version of iGateway (4.0.051230 or \nlater), which is available for download from the following \nlocations:\nhttp://supportconnect.ca.com/\nftp://ftp.ca.com/pub/iTech/downloads/\n\n\nDetermining the version of iGateway:\nTo determine the version numbers of the iGateway components:\n\nGo to the igateway directory:\n\nOn windows, this is %IGW_LOC%\nDefault path for v3.*: C:\\Program Files\\CA\\igateway\nDefault path for v4.*: \nC:\\Program Files\\CA\\SharedComponents\\iTechnology\n\nOn unix, \nDefault path for v3.*: \t/opt/CA/igateway\nDefault path for v4.*: \tthe install directory path is contained in \nopt/CA/SharedComponents/iTechnology.location. \nThe default path is /opt/CA/SharedComponents/iTechnology\n\nLook at the \u003cVersion\u003e element in igateway.conf. 
\n\nThe versions are affected by this vulnerability if you see \na value LESS THAN the following: \n\u003cVersion\u003e4.0.051230\u003c/Version\u003e  (note the format of v.s.YYMMDD)\n\n\nReferences: \n(note that URLs may wrap)\nCA SupportConnect:\nhttp://supportconnect.ca.com/\nhttp://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not\nice.asp\n\nCAID: 33778\nCAID Advisory link: \nhttp://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778\n\nCVE Reference: CVE-2005-3653\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653\n\nOSVDB Reference: OSVDB-22688\nhttp://osvdb.org/22688\n\niDefense Reference:\nComputer Associates iTechnology iGateway Service Content-Length \nBuffer Overflow\nhttp://www.idefense.com/intelligence/vulnerabilities/display.php?id=376\n\n\nChangelog:\nv1.0 - Initial Release\nv1.1 - Removed several unaffected technologies; added more \nreference links. \n\n\nCustomers who require additional information should contact CA \nTechnical Support at http://supportconnect.ca.com. \n\nFor technical questions or comments related to this advisory,\nplease send email to vuln@ca.com, or contact me directly. \n\nIf you discover a vulnerability in CA products, please report\nyour findings to vuln@ca.com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDir. of CA Vulnerability Research Team\n\n\nCA, One Computer Associates Plaza. Islandia, NY 11749\n\t\nContact http://www3.ca.com/contact/\nLegal Notice http://ca.com/calegal.htm\nPrivacy Policy http://www.ca.com/caprivacy.htm\nCopyright 2006 CA.  All rights reserved",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      }
    ],
    "trust": 1.44
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2005-3653",
        "trust": 2.1
      },
      {
        "db": "BID",
        "id": "16354",
        "trust": 2.0
      },
      {
        "db": "OSVDB",
        "id": "22688",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "18591",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1015526",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "380",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-0311",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-14861",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43303",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "43468",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "id": "VAR-200512-0273",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:13:30.158000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "CA iTechnology iGateway Service negative Content-Length Repair measures for field value buffer error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146825"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376"
      },
      {
        "trust": 1.9,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/16354"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/423403/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/423288/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/22688"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1015526"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/18591"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/380"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2006/0311"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24269"
      },
      {
        "trust": 1.6,
        "url": "http://marc.info/?l=full-disclosure\u0026m=113803349715927\u0026w=2"
      },
      {
        "trust": 0.3,
        "url": "http://www.ca.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/423403"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/423288"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=full-disclosure\u0026amp;m=113803349715927\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/314/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5912/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3099/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/3391/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5913/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5576/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5577/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5911/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5906/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5904/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5905/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/18591/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5908/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5584/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5909/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5942/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/5910/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/313/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/312/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3653"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com."
      },
      {
        "trust": 0.1,
        "url": "http://ca.com/calegal.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www.ca.com/caprivacy.htm"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_not"
      },
      {
        "trust": 0.1,
        "url": "http://osvdb.org/22688"
      },
      {
        "trust": 0.1,
        "url": "http://supportconnect.ca.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/contact/"
      },
      {
        "trust": 0.1,
        "url": "http://www3.ca.com/securityadvisor/vulninfo/submit.aspx"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-14861"
      },
      {
        "db": "BID",
        "id": "16354"
      },
      {
        "db": "PACKETSTORM",
        "id": "43303"
      },
      {
        "db": "PACKETSTORM",
        "id": "43468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "43303",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "43468",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2005-12-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "date": "2006-01-23T00:00:00",
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "date": "2006-01-25T06:44:12",
        "db": "PACKETSTORM",
        "id": "43303",
        "ident": null
      },
      {
        "date": "2006-01-29T22:15:05",
        "db": "PACKETSTORM",
        "id": "43468",
        "ident": null
      },
      {
        "date": "2005-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "date": "2005-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-14861",
        "ident": null
      },
      {
        "date": "2007-06-27T19:38:00",
        "db": "BID",
        "id": "16354",
        "ident": null
      },
      {
        "date": "2021-04-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200512-713",
        "ident": null
      },
      {
        "date": "2024-11-21T00:02:21.310000",
        "db": "NVD",
        "id": "CVE-2005-3653",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "CA iTechnology iGateway Service negative Content-Length Field value buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200512-713"
      }
    ],
    "trust": 0.6
  }
}

