Last Updated: March 17, 2005
Attention CA Customers:
License Patches Are Now Available To Address Buffer Overflows
Working closely with eEye Digital Security® and iDEFENSE, the CA Customer Support team has resolved multiple vulnerability issues recently discovered in the CA License software. Both eEye and iDEFENSE have confirmed that these vulnerabilities have been properly addressed. CA has made patches available to any affected license users.
Buffer overflow conditions can potentially allow arbitrary code to be executed remotely with local SYSTEM privileges. This affects versions of the CA License software v1.53 through v1.61.8 on the specified platforms. Customers with these vulnerable versions should upgrade to CA License 1.61.9 or higher. CA License patches that address these issues can be downloaded from CA ALP License Package Downloads.
CA strongly recommends the application of the appropriate CA License patch.
Frequently Asked Questions (FAQ) related to this security update
Utility for checking server vulnerability
USD/SDO package for the CA License vulnerability
UAM/AMO Definitions for the CA License vulnerability
The vulnerability exists if the CA License package version on the system is between v1.53 and v1.61.8.
Affected platforms: AIX, DEC, HP-UX, Linux Intel, Linux s/390, Solaris, Windows and Apple Mac.
Determining CA License versions:
Note the following default license install directories:
Windows: C:\CA_LIC or C:\Program Files\CA\SharedComponents\CA_LIC
Unix/Linux/Mac: /opt/CA/ca_lic or /opt/CA/SharedComponents/ca_lic
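The range check above is easy to get wrong when versions are compared as strings, because "1.61.10" sorts before "1.61.9". The following Python sketch is an added example, not CA's checking utility and not code from this advisory. It classifies version strings that have already been collected against the v1.53 through v1.61.8 range and reports which of the default install directories exist locally. It assumes version components are plain integers, and the hostnames and inventory are constructed sample data.

```python
import os
import re

# Affected range and default directories as stated in the advisory.
FIRST_AFFECTED = (1, 53, 0)   # v1.53
LAST_AFFECTED = (1, 61, 8)    # v1.61.8; 1.61.9 or higher is patched
DEFAULT_DIRS = [
    r"C:\CA_LIC",
    r"C:\Program Files\CA\SharedComponents\CA_LIC",
    "/opt/CA/ca_lic",
    "/opt/CA/SharedComponents/ca_lic",
]

def parse_version(text):
    """Parse 'v1.61.8' or '1.53' into a 3-tuple of ints (assumed numeric parts)."""
    match = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+){1,2})\s*", text)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(text):
    """Return 'vulnerable', 'patched', 'older' or 'unknown' for a version string."""
    try:
        version = parse_version(text)
    except ValueError:
        return "unknown"
    if version < FIRST_AFFECTED:
        return "older"  # below the range the advisory covers
    return "vulnerable" if version <= LAST_AFFECTED else "patched"

def present_default_dirs():
    """Default CA License directories that exist on this machine."""
    return [d for d in DEFAULT_DIRS if os.path.isdir(d)]

def triage(inventory):
    """Map each state to the sorted hosts in it, given {host: version string}."""
    result = {}
    for host, text in inventory.items():
        result.setdefault(classify(text), []).append(host)
    return {state: sorted(hosts) for state, hosts in result.items()}

if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    sample = {"app01": "v1.61.8", "app02": "1.61.10", "db01": "1.53",
              "web01": "1.61.9", "old01": "1.52", "lab01": "n/a"}
    print(triage(sample))
    print("default dirs present:", present_default_dirs())
```

Hosts reported as "unknown" need a manual check, and "older" only means the version is below the range this advisory covers.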