
Vulnerability Detail

Computer Associates iGateway debug mode HTTP GET request buffer overflow vulnerability

Date Discovered:
6 Oct 2005

Date Published:
10 Oct 2005

Last Updated:
7 Dec 2005

Threat Assessment

Overall Risk: Medium
Popularity: Low
Impact: Critical
Simplicity: Low

Characteristics

Vulnerability ID:  33485
Discovered By:  Erika Mendoza

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

Computer Associates iGateway contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code. The vulnerability is caused by improper bounds checking of HTTP GET requests by iGateway when debug mode is enabled. A remote attacker can exploit it to overflow the buffer and execute arbitrary code. Note: the vulnerability exists in builds of versions 3.0 and 4.0 made prior to June 23, 2005.


Recommendations


Affected Technologies

Computer Associates: CA iTechnology iGateway 3.0.031021.0 - 2003-10-21 Windows
Computer Associates: CA iTechnology iGateway 3.0.031022.0 - 2003-10-22 AIX
Computer Associates: CA iTechnology iGateway 3.0.031022.0 - 2003-10-22 Linux
Computer Associates: CA iTechnology iGateway 3.0.031022.0 - 2003-10-22 Solaris
Computer Associates: CA iTechnology iGateway 3.0.031023.0 - 2003-10-23 HP-UX
Computer Associates: CA iTechnology iGateway 3.0.031031.0 - 2003-10-31 AIX
Computer Associates: CA iTechnology iGateway 3.0.031031.0 - 2003-10-31 HP-UX
Computer Associates: CA iTechnology iGateway 3.0.031031.0 - 2003-10-31 Windows
Computer Associates: CA iTechnology iGateway 3.0.031219.0 - 2003-12-19 Windows
Computer Associates: CA iTechnology iGateway 3.0.040107.0 - 2004-01-07 Linux
Computer Associates: CA iTechnology iGateway 3.0.040112.0 - 2004-01-12 Windows
Computer Associates: CA iTechnology iGateway 3.0.040211.0 - 2004-02-11 Windows
Computer Associates: CA iTechnology iGateway 3.0.040212.0 - 2004-02-12 Linux
Computer Associates: CA iTechnology iGateway 3.0.040212.0 - 2004-02-12 Solaris
Computer Associates: CA iTechnology iGateway 4.0.041221.0 - 2004-12-21 Windows
Computer Associates: CA iTechnology iGateway 4.0.050126.0 - 2005-01-26 Windows
Computer Associates: CA iTechnology iGateway 4.0.050224.0 - 2005-02-24 AIX
Computer Associates: CA iTechnology iGateway 4.0.050224.0 - 2005-02-24 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050224.0 - 2005-02-24 Windows
Computer Associates: CA iTechnology iGateway 4.0.050306.0 - 2005-03-06 AIX
Computer Associates: CA iTechnology iGateway 4.0.050306.0 - 2005-03-06 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050306.0 - 2005-03-06 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050306.0 - 2005-03-06 Windows
Computer Associates: CA iTechnology iGateway 4.0.050321.0 - 2005-03-21 AIX
Computer Associates: CA iTechnology iGateway 4.0.050321.0 - 2005-03-21 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050321.0 - 2005-03-21 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050322.0 - 2005-03-22 Linux
Computer Associates: CA iTechnology iGateway 4.0.050325.0 - 2005-03-25 Windows
Computer Associates: CA iTechnology iGateway 4.0.050401.0 - 2005-04-01 AIX
Computer Associates: CA iTechnology iGateway 4.0.050401.0 - 2005-04-01 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050401.0 - 2005-04-01 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050401.0 - 2005-04-01 Windows
Computer Associates: CA iTechnology iGateway 4.0.050413.0 - 2005-04-13 AIX
Computer Associates: CA iTechnology iGateway 4.0.050413.0 - 2005-04-13 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050413.0 - 2005-04-13 Linux
Computer Associates: CA iTechnology iGateway 4.0.050413.0 - 2005-04-13 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050414.0 - 2005-04-14 Windows
Computer Associates: CA iTechnology iGateway 4.0.050518.0 - 2005-05-18 AIX
Computer Associates: CA iTechnology iGateway 4.0.050518.0 - 2005-05-18 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050518.0 - 2005-05-18 Linux
Computer Associates: CA iTechnology iGateway 4.0.050518.0 - 2005-05-18 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050518.0 - 2005-05-18 Windows
Computer Associates: CA iTechnology iGateway 4.0.050526.0 - 2005-05-26 AIX
Computer Associates: CA iTechnology iGateway 4.0.050526.0 - 2005-05-26 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050526.0 - 2005-05-26 Linux
Computer Associates: CA iTechnology iGateway 4.0.050526.0 - 2005-05-26 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050526.0 - 2005-05-26 Windows
Computer Associates: CA iTechnology iGateway 4.0.050601.0 - 2005-06-01 AIX
Computer Associates: CA iTechnology iGateway 4.0.050601.0 - 2005-06-01 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050601.0 - 2005-06-01 Linux
Computer Associates: CA iTechnology iGateway 4.0.050601.0 - 2005-06-01 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050601.0 - 2005-06-01 Windows
Computer Associates: CA iTechnology iGateway 4.0.050613.0 - 2005-06-13 AIX
Computer Associates: CA iTechnology iGateway 4.0.050613.0 - 2005-06-13 HP-UX
Computer Associates: CA iTechnology iGateway 4.0.050613.0 - 2005-06-13 Linux
Computer Associates: CA iTechnology iGateway 4.0.050613.0 - 2005-06-13 Solaris
Computer Associates: CA iTechnology iGateway 4.0.050613.0 - 2005-06-13 Windows
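
An inventory check for the build-date rule in the Description, added here as an example and not part of the original advisory or any CA tooling. It assumes the third version component is the build date as YYMMDD, as the list above shows; the hostnames and the last three sample versions are constructed.

```python
import re
from datetime import date

# Cutoff and release lines as stated in the advisory text.
FIXED_FROM = date(2005, 6, 23)
AFFECTED_RELEASES = {(3, 0), (4, 0)}

# major.minor.YYMMDD.revision, e.g. 4.0.050613.0 (layout inferred from the list above)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d{2})(\d{2})(\d{2})\.(\d+)$")


def parse_version(version):
    """Return ((major, minor), build_date); raise ValueError if malformed."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised iGateway version: {version!r}")
    major, minor, yy, mm, dd = (int(g) for g in m.groups()[:5])
    # date() itself rejects impossible stamps such as month 13.
    return (major, minor), date(2000 + yy, mm, dd)


def is_affected(version):
    """True when the build is a 3.0/4.0 build made before the cutoff."""
    release, built = parse_version(version)
    return release in AFFECTED_RELEASES and built < FIXED_FROM


def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unparseable'."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed inventory: hostnames are hypothetical; the first two versions
# appear in the list above, the rest are constructed to exercise the boundary.
SAMPLE_INVENTORY = {
    "gw-win-01": "4.0.050613.0",
    "gw-aix-02": "3.0.031022.0",
    "gw-lnx-03": "4.0.050623.0",
    "gw-sol-04": "4.0.050701.0",
    "gw-hpx-05": "4.0.051301.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A host reported as affected runs a vulnerable build; per the Description, the overflow is reachable only when iGateway debug mode is enabled, so that setting still has to be checked on each flagged host.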


References

Mitre CVE: CAN-2005-3190
