CA20110208-01: Security Advisory for CA Secure Content Manager, Gateway Security
Issued: February 08, 2011
Last Updated: July 25, 2011
CA Technologies support is alerting customers to a security risk with CA Secure Content Manager. A vulnerability exists that can allow a remote attacker to execute arbitrary code.
The vulnerability, CVE-2011-0758, is due to insufficient bounds checking by the eCS component included with Secure Content Manager and Gateway Security. A remote attacker can make a request that will cause a heap overflow, which could possibly result in privileged code execution.
Patches are currently not available. CA support is working towards a resolution. Monitor this notice and the support.ca.com CA Secure Content Manager / Gateway Security product homepage for updates. Risk Rating
Windows Affected Products
CA Secure Content Manager 8.0
CA Gateway Security 8.1
CA Gateway Security 9.0 References CVE-2011-0758
- Secure Content Manager eCS heap overflow Acknowledgement
CVE-2011-0758 - Sebastian Apelt through the TippingPoint ZDI Change History
Version 1.0: Initial Release
Version 1.1: Added Ca Gateway Security 9.0 to the Affected Products list
If additional information is required, please contact CA Technologies Support at http://support.ca.com/
If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team