Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 10.0
CVE Id: CVE-2005-3653
Last Modified: 17 Oct 2011 12:00:00
Published: 31 Dec 2005 12:00:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-3653

Summary

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

Vulnerable Systems

Application

  • Ca Brightstor Arcserve Backup 11

  • Ca Brightstor Arcserve Backup 11.1

  • Ca Brightstor Arcserve Backup 11.5

  • Ca Brightstor Arcserve Backup 9.01

  • Ca Brightstor Arcserve Backup Laptops Desktops 11.0

  • Ca Brightstor Arcserve Backup Laptops Desktops 11.1

  • Ca Brightstor Enterprise Backup 10.0

  • Ca Brightstor Enterprise Backup 10.5

  • Ca Brightstor Portal 11.1

  • Ca Brightstor Process Automation Manager 11.1

  • Ca Brightstor San Manager 11.1

  • Ca Brightstor San Manager 11.5

  • Ca Brightstor Storage Resource Manager 11.1

  • Ca Brightstor Storage Resource Manager 11.5

  • Ca Brightstor Storage Resource Manager 6.3

  • Ca Brightstor Storage Resource Manager 6.4

  • Ca Etrust Admin 8.1

  • Ca Etrust Audit Aries 1.5

  • Ca Etrust Audit Aries 8.0

  • Ca Etrust Audit Irecorder 1.5

  • Ca Etrust Audit Irecorder 8.0

  • Ca Etrust Directory 8.1 Web Components

  • Ca Etrust Identity Minder 8.0

  • Ca Etrust Integrated Threat Management 8.0

  • Ca Etrust Secure Content Manager 8.0

  • Ca Itechnology Igateway 4.0.050615

  • Ca Unicenter Asset Portfolio Management 11.0

  • Ca Unicenter Autosys Jm 11.0

  • Ca Unicenter Exchange Management Console 11.0

  • Ca Unicenter Management 11.0

  • Ca Unicenter Management 3.5

  • Ca Unicenter Service Delivery 11.0

  • Ca Unicenter Service Desk 11.0

  • Ca Unicenter Service Desk Knowledge Tools 11.0

  • Ca Unicenter Service Fulfillment 11.0

  • Ca Unicenter Service Fulfillment 2.2

  • Ca Unicenter Service Level Management 11.0

  • Ca Unicenter Service Metric Analysis 11.0

  • Ca Unicenter Web Server Management 11.0

  • Ca Unicenter Web Services Distributed Management 11.0

  • Unicenter Application Performance Monitor 11.0

  • Unicenter Application Server Management 11.0

  • Unicenter Ca Web Services Distributed Management 11.0

  • Unicenter Service Catalog Fulfillment Accounting 11.0


References

XF - ca-igateway-contentlength-bo(24269)

BID - 16354

OSVDB - 22688

IDEFENSE - 20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow

CONFIRM - http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp

SECTRACK - 1015526

SECUNIA - 18591

CONFIRM - http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778

VUPEN - ADV-2006-0311

BUGTRAQ - 20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability

BUGTRAQ - 20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]

SREASON - 380


Last Updated: 27 May 2016 10:41:00