Family: Gain root remotely --> Category: infos
iTechnology iGateway Content-Length Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary: Checks for a Content-Length buffer overflow vulnerability in iTechnology iGateway.
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by a buffer overflow vulnerability.
Description :
The remote host is running the Computer Associates iTechnology iGateway
service, a software component used in various Computer Associates
products.
The version of the iGateway service installed on the remote host
reportedly fails to sanitize Content-Length HTTP header values before
using them to allocate heap memory. An attacker can supply a negative
value, which causes the software to allocate a small buffer, and then
overflow that buffer with a long URI. Successful exploitation of this issue
can lead to a server crash or possibly the execution of arbitrary
code. Note that, under Windows, the server runs with local SYSTEM
rights.
See also :
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
Solution :
Contact the vendor to upgrade to iGateway 4.0.051230 or later.
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)