Security Notice for CA Secure Content Manager HTTP Gateway Service
Issued: June 03, 2008
CA's customer support is alerting customers to security risks associated with CA Secure Content Manager. Multiple vulnerabilities exist in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code. CA has issued a patch to address the vulnerabilities.
The vulnerabilities, CVE-2008-2541, occur due to insufficient bounds checking on certain FTP requests. An attacker can make a request that will cause the service to fail or allow the attacker to take privileged action on the system.
CA Secure Content Manager r8
How to determine if the installation is affected
- Using a registry editor, determine if the following key exists:
- If the key does not exist, the installation is vulnerable
CA has issued the following patch to address the vulnerabilities.
CA Secure Content Manager r8:
CVE-2008-2541 - CA Secure Content Manager multiple FTP buffer overflows
CVE-2008-2541 - Sebastian Apelt working with ZDI/TippingPoint, Cody Pierce, TippingPoint DVLabs
Version 1.0: Initial Release
If additional information is required, please contact CA Technical Support at http://support.ca.com.
If you discover a vulnerability in CA products, please report your findings to our product security response team.