TITLE: CA Products iGateway Service Content-Length Buffer Overflow SECUNIA ADVISORY ID: SA18591 VERIFY ADVISORY: http://secunia.com/advisories/18591/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From local network SOFTWARE: BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ BrightStor ARCserve Backup 11.x (for Windows) http://secunia.com/product/3099/ BrightStor ARCserve Backup 9.x http://secunia.com/product/313/ BrightStor ARCserve Backup for Laptops & Desktops 11.x http://secunia.com/product/5906/ BrightStor Enterprise Backup 10.x http://secunia.com/product/314/ BrightStor Process Automation Manager 11.x http://secunia.com/product/5908/ BrightStor Storage Resource Manager 11.x http://secunia.com/product/5909/ BrightStor Storage Resource Manager 6.x http://secunia.com/product/5910/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Audit 1.x http://secunia.com/product/5911/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA eTrust Identity Minder 8.x http://secunia.com/product/5913/ CA Unicenter Service Fulfillment 2.x http://secunia.com/product/5942/ eTrust Secure Content Manager (SCM) http://secunia.com/product/3391/ DESCRIPTION: Erika Mendoza has reported a vulnerability in various CA products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the handling of HTTP data in the iGateway component. This can be exploited to cause a heap-based buffer overflow by supplying a negative value for the "Content-Length" HTTP header. Successful exploitation allows execution of arbitrary code, but requires access to the iGateway service at port 5250/tcp. The vulnerability has been reported in versions of iGateway prior to 4.0.051230, which is included with the following products: * Advantage Data Transformer (ADT) R2.2 * Harvest Change Manager R7.1 * BrightStor ARCserve Backup r11.5 * BrightStor ARCserve Backup r11.1 * BrightStor ARCserve Backup for Windows r11 * BrightStor Enterprise Backup 10.5 * BrightStor ARCserve Backup v9.01 * BrightStor ARCserve Backup Laptop & Desktop r11.1 * BrightStor ARCserve Backup Laptop & Desktop r11 * BrightStor Process Automation Manager r11.1 * BrightStor SAN Manager r11.1 * BrightStor SAN Manager r11.5 * BrightStor Storage Resource Manager r11.5 * BrightStor Storage Resource Manager r11.1 * BrightStor Storage Resource Manager 6.4 * BrightStor Storage Resource Manager 6.3 * BrightStor Portal 11.1 * eTrust Audit 1.5 SP2 (iRecorders and ARIES) * eTrust Audit 1.5 SP3 (iRecorders and ARIES) * eTrust Audit 8.0 (iRecorders and ARIES) * eTrust Admin 8.1 * eTrust Identity Minder 8.0 * eTrust Secure Content Manager (SCM) R8 * eTrust Integrated Threat Management (ITM) R8 * eTrust Directory R8.1 (Web Components Only) * Unicenter CA Web Services Distributed Management R11 * Unicenter AutoSys JM R11 * Unicenter Management for WebLogic / Management for WebSphere R11 * Unicenter Service Delivery R11 * Unicenter Service Level Management (USLM) R11 * Unicenter Application Performance Monitor R11 * Unicenter Service Desk R11 * Unicenter Service Desk Knowledge Tools R11 * Unicenter Service Fulfillment 2.2 * Unicenter Service Fulfillment R11 * Unicenter Asset Portfolio Management R11 * Unicenter Service Matrix Analysis R11 * Unicenter Service Catalog/Fulfillment/Accounting R11 * Unicetner MQ Management R11 * Unicenter Application Server Managment R11 * Unicenter Web Server Management R11 * Unicenter Exchange Management R11 For BrightStor Storage Resource Manager and BrightStor Portal users, all hosts that have iSponsors deployed to them for managing applications like Veritas Volume Manager and Tivoli TSM are also affected by this vulnerability. SOLUTION: Update the iGateway component to version 4.0.051230 or later. ftp://ftp.ca.com/pub/iTech/downloads/ PROVIDED AND/OR DISCOVERED BY: Erika Mendoza ORIGINAL ADVISORY: Computer Associates: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778 iDEFENSE: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------