Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability
From: "Williams, James K" <James.Williams () ca com>
Date: Fri, 14 Oct 2005 10:53:04 -0400

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Title: Computer Associates iGateway debug mode HTTP GET request 
buffer overflow vulnerability

CA Vulnerability ID: 33485

Discovery Date: 2005-10-06

CA Advisory Date: 2005-10-14

Discovered By: EMendoza


Impact: Remote attacker can execute arbitrary code with SYSTEM 
privileges.


Summary: The Computer Associates iGateway common component, which
is included with several CA products for UNIX/Linux/Windows 
platforms, contains a buffer overflow vulnerability that could 
allow remote attackers to execute arbitrary code on Windows 
platforms, or cause iGateway component failure (denial of 
service) on UNIX and Linux.  The vulnerability is due to improper
bounds checking on HTTP GET requests by the iGateway component 
when debug mode is enabled.


Mitigating Factors: The potential for exploitation of this 
vulnerability is very low for the following reasons.

1) A non-standard install of the iGateway component is required 
to expose this vulnerability.  Typically, the embedded iGateway 
component is part of a non-interactive installation process.  
Consequently, most systems (those that utilize the default 
installation procedure) are not at risk.

2) If a non-standard install WAS performed, the iGateway 
component is still unlikely to be vulnerable to this exploit, 
because the flaw is only exposed if the component has been 
manually configured to run with diagnostic debug tracing enabled.
Configuring the component to run in debug mode requires 
administrative access to configuration files that reside on the 
machine, and also requires that the iGateway service be stopped 
and restarted by someone with administrative service privileges.
Configuring the iGateway service to operate in debug mode is 
typically performed only at the direction of Computer Associates 
support personnel who are working with a customer to troubleshoot
potential support issues.


Severity: Computer Associates has given this vulnerability a 
Medium risk rating.


Affected Technologies: Please note that the iGateway component is
not a product, but rather a component that is included with 
multiple products.  The iGateway component is included in the 
following Computer Associates products, which are consequently 
potentially vulnerable.  Note that iGateway component versions 
less than 4.0.050615 are vulnerable to this issue.

Business Services Optimization (BSO) Products:
Advantage Data Transformer (ADT) R2.2
Harvest Change Manager R7.1

BrightStor Products:
BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Backup Laptop & Desktop r11.1
BrightStor ARCserve Backup Laptop & Desktop r11
BrightStor Process Automation Manager r11.1
BrightStor SAN Manager r11.1
BrightStor SAN Manager r11.5
BrightStor Storage Resource Manager r11.5 
BrightStor Storage Resource Manager r11.1 
BrightStor Storage Resource Manager 6.4
BrightStor Storage Resource Manager 6.3
BrightStor Portal 11.1

Note to BrightStor Storage Resource Manager and BrightStor Portal
users: In addition to the application servers where these 
products are installed, all hosts that have iSponsors deployed to
them for managing applications like Veritas Volume Manager and 
Tivoli TSM are also affected by this vulnerability.

eTrust Products:
eTrust Audit 1.5 SP2 (iRecorders and ARIES)
eTrust Audit 1.5 SP3 (iRecorders and ARIES)
eTrust Audit 8.0 (iRecorders and ARIES) 
eTrust Admin 8.0
eTrust Admin 8.1
eTrust Identity Minder 8.0
eTrust Secure Content Manager (SCM) R8
eTrust Web Service Security R8
eTrust Integrated Threat Management (ITM) R8

Unicenter Products: 
Unicenter CA Web Services Distributed Management R11
Unicenter AutoSys JM R11
Unicenter Management for WebLogic / Management for WebSphere R11
Unicenter Service Delivery R11
Unicenter Service Level Management (USLM) R11
Unicenter Application Performance Monitor R11
Unicenter Service Desk R11
Unicenter Service Desk Knowledge Tools R11
Unicenter Service Fulfillment 2.2
Unicenter Service Fulfillment R11
Unicenter Asset Portfolio Management R11
Unicenter Service Matrix Analysis R11
Unicenter Service Catalog/Fulfillment/Accounting R11
Unicetner MQ Management R11
Unicenter Application Server Managmenr R11
Unicenter Web Server Management R11
Unicenter Exchange Management R11 


Status and Recommendation: 
As an immediate and completely effective remediation solution, 
simply do not operate the iGateway component in debug diagnostic 
trace mode. To ensure that you are not running iGateway in debug 
mode, look for the "Debug" parameter in your igateway.conf file, 
and make sure that it is set to "False" 
(i.e. <Debug>False</Debug>).

We have developed iGateway updates to completely address this 
vulnerability. After our QA process is completed, the updates 
will be posted to our SupportConnect web site 
(http://supportconnect.ca.com). Step-by-step instructions to 
determine a) if customers are vulnerable, and b) how to remediate
the issue, will be posted to http://supportconnect.ca.com site as 
well.


Determining your version of iGateway:
To determine the version number of the iGateway component, browse
to the igateway directory and check the version listed in the 
igateway.conf file.

On windows, this is %IGW_LOC%
Default path for v3.*: C:\Program Files\CA\igateway
Default path for v4.*: C:\Program
Files\CA\SharedComponents\iTechnology

On unix, 
Default path for v3.*:  /opt/CA/igateway
Default path for v4.*:  the install directory path is contained 
in opt/CA/SharedComponents/iTechnology location.  The default 
path is /opt/CA/SharedComponents/iTechnology.

Look at the <Version> element in igateway.conf.

The versions are affected by this vulnerability if you see a 
value LESS THAN the following: 
<Version>4.0.050615</Version>  (note the format of v.s.YYMMDD)


References: 
CA Security Advisor site
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33485

CVE Reference: CAN-2005-3190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3190

OSVDB Reference: OSVDB ID 19920 
http://www.osvdb.org/displayvuln.php?osvdb_id=19920


Customers who require additional information should contact CA 
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln () ca com, or contact me directly.

If you discover a vulnerability in CA products, please report
your findings to vuln () ca com, or utilize our "Submit a 
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Respectfully,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985


Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
        
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ0/GTnklkd/ilBmFEQKhWwCgit4SHPqGjIugOMLRtD+OffwoZCMAoIe9
VfakqqERwshYpy8AsT6CJ0L7
=aITM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • CAID 33485 - Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability Williams, James K (Oct 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]