Following up: technical details about the vulnerability
> -----Original Message-----
> From: idlabs-advisories-bounces+vladimir.kazennov=billing.ru@xxxxxxxdefense.com
> [mailto:idlabs-advisories-bounces+vladimir.kazennov=billing.ru@lists.idefense.com]
> On Behalf Of iDEFENSE Labs Security Advisories
> Sent: Monday, January 23, 2006 9:37 PM
> To: Idlabs-Advisories@xxxxxxxxxxxxxxxxxx
> Subject: iDefense Security Advisory 01.23.06: Computer Associates
> iTechnology iGateway Service Content-Length Buffer Overflow
>
> Computer Associates iTechnology iGateway Service Content-Length Buffer
> Overflow Vulnerability
>
> iDefense Security Advisory 01.23.06
> http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
> January 23, 2006
>
> I. BACKGROUND
>
> iTechnology is an integration technology which provides standard web
> service interfaces to third-party products, exposing normalized
> security event data and information in XML format.
>
> II. DESCRIPTION
>
> Remote exploitation of an input validation error in Computer Associates,
> Inc.'s iTechnology allows remote attackers to execute arbitrary code.
>
> The vulnerability specifically exists in the iGateway service that
> listens on port 5250 for standard HTTP or SSL traffic. The iGateway
> service fails to properly handle negative HTTP Content-Length values.
> iGateway parses the negative content-length value from an HTTP request
> and uses the value directly in a malloc() heap allocation call. By
> supplying negative values, the heap allocation call will return a very
> small buffer. Subsequent to the malloc() call, a memcpy of the supplied
> URI into the allocated buffer can overflow into the heap. A remote
> attacker can send a request with a very large URI and a negative
> content-length to corrupt the heap and potentially execute arbitrary
> code.
>
> III. ANALYSIS
>
> Successful exploitation of this vulnerability allows remote attackers to
> execute arbitrary code with SYSTEM level permissions. The iTechnology
> package is distributed with various Computer Associates eTrust brand
> software. Any attacker who can reach port 5250 on an affected host can
> attempt to exploit this vulnerability.
>
> IV. DETECTION
>
> iDefense has confirmed the existence of this vulnerability in Computer
> Associates iTechnology iGateway 4.0. It is suspected all versions of the
> iGateway package prior to and including 4.0.050615 are vulnerable.
>
> It should be noted that iGateway is not a product, however it is a
> component included with the following Computer Associates products:
>
> Advantage Data Transformer (ADT) R2.2
> Harvest Change Manager R7.1
> BrightStor Products:
> BrightStor ARCserve Backup r11.5
> BrightStor ARCserve Backup r11.1
> BrightStor ARCserve Backup for Windows r11
> BrightStor Enterprise Backup 10.5
> BrightStor ARCserve Backup v9.01
> BrightStor ARCserve Backup Laptop & Desktop r11.1
> BrightStor ARCserve Backup Laptop & Desktop r11
> BrightStor Process Automation Manager r11.1
> BrightStor SAN Manager r11.1
> BrightStor SAN Manager r11.5
> BrightStor Storage Resource Manager r11.5
> BrightStor Storage Resource Manager r11.1
> BrightStor Storage Resource Manager 6.4
> BrightStor Storage Resource Manager 6.3
> BrightStor Portal 11.1
> eTrust Audit 1.5 SP2 (iRecorders and ARIES)
> eTrust Audit 1.5 SP3 (iRecorders and ARIES)
> eTrust Audit 8.0 (iRecorders and ARIES)
> eTrust Admin 8.1
> eTrust Identity Minder 8.0
> eTrust Secure Content Manager (SCM) R8
> eTrust Integrated Threat Management (ITM) R8
> eTrust Directory R8.1 (Web Components Only)
> Unicenter CA Web Services Distributed Management R11
> Unicenter AutoSys JM R11
> Unicenter Management for WebLogic / Management for WebSphere R11
> Unicenter Service Delivery R11
> Unicenter Service Level Management (USLM) R11
> Unicenter Application Performance Monitor R11
> Unicenter Service Desk R11
> Unicenter Service Desk Knowledge Tools R11
> Unicenter Service Fulfillment 2.2
> Unicenter Service Fulfillment R11
> Unicenter Asset Portfolio Management R11
> Unicenter Service Matrix Analysis R11
> Unicenter Service Catalog/Fulfillment/Accounting R11
> Unicenter MQ Management R11
> Unicenter Application Server Management R11
> Unicenter Web Server Management R11
> Unicenter Exchange Management R11
>
> Affected platforms:
> AIX, HP-UX, Linux Intel, Solaris, and Windows
>
> V. WORKAROUND
>
> iDefense is unaware of any effective workarounds at this time.
>
> VI. VENDOR RESPONSE
>
> The vendor has released the following advisory to address this
> vulnerability:
>
> http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
>
> Vendor patches are available for download at:
>
> ftp://ftp.ca.com/pub/iTech/downloads
>
> VII. CVE INFORMATION
>
> The Common Vulnerabilities and Exposures (CVE) project has assigned the
> name CVE-2005-3653 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org), which standardizes names for
> security problems.
>
> VIII. DISCLOSURE TIMELINE
>
> 11/15/2005 Initial vendor notification
> 11/15/2005 Initial vendor response
> 01/23/2006 Coordinated public disclosure
>
> IX. CREDIT
>
> iDefense credits Erika Mendoza with the discovery of this
> vulnerability.
>
> Get paid for vulnerability research
> http://www.idefense.com/poi/teams/vcp.jsp
>
> Free tools, research and upcoming events
> http://labs.idefense.com
>
> X. LEGAL NOTICES
>
> Copyright (c) 2006 iDefense, Inc.
>
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of iDefense. If you wish to reprint the whole or any
> part of this alert in any other medium other than electronically, please
> email customerservice@xxxxxxxxxxxx for permission.
>
> Disclaimer: The information in the advisory is believed to be accurate
> at the time of publishing based on currently available information. Use
> of the information constitutes acceptance for use in an AS IS condition.
> There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any direct, indirect,
> or consequential loss or damage arising from use of, or reliance on,
> this information.
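
The advisory's description (a negative Content-Length reaching malloc(), followed by a memcpy of the URI) comes down to lengths that are never validated before allocation and copy. The C sketch below is an added example, not code from iGateway, CA or iDefense; the function names and the MAX_BODY_LEN / MAX_URI_LEN limits are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY_LEN (1u << 20)  /* assumed policy limit: 1 MiB */
#define MAX_URI_LEN  2048u       /* assumed policy limit */

/* Parse a Content-Length header value (hypothetical helper).
 * Returns 0 and stores the length on success; returns -1 if the value is
 * negative, non-numeric, has trailing garbage, or exceeds MAX_BODY_LEN. */
int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    char *end;
    unsigned long long n;

    while (*p == ' ' || *p == '\t') p++;
    /* strtoull() accepts a leading '-' and wraps the value, so require
     * the first character to be a digit before converting. */
    if (!isdigit((unsigned char)*p)) return -1;
    errno = 0;
    n = strtoull(p, &end, 10);
    if (errno == ERANGE) return -1;
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return -1;
    if (n > MAX_BODY_LEN) return -1;
    *out = (size_t)n;
    return 0;
}

/* Allocate one buffer holding the URI, a NUL, then room for the body.
 * Both lengths are validated before malloc() and before memcpy(), so the
 * copy can never exceed the allocation. Caller frees the result. */
char *alloc_request(const char *uri, const char *content_length,
                    size_t *body_len)
{
    size_t uri_len = strlen(uri);
    char *buf;

    if (uri_len > MAX_URI_LEN) return NULL;
    if (parse_content_length(content_length, body_len) != 0) return NULL;
    /* Cannot wrap: both terms are capped well below SIZE_MAX. */
    buf = malloc(uri_len + 1 + *body_len);
    if (buf == NULL) return NULL;
    memcpy(buf, uri, uri_len);
    buf[uri_len] = '\0';
    return buf;
}
```
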