CA Multiple Product Console Server Authentication Remote Overflow

2007-05-09T00:00:00
ID OSVDB:34585
Type osvdb
Reporter Tenable Network Security
Modified 2007-05-09T00:00:00

Description

Vulnerability Description

A buffer overflow exists in multiple CA products. The inoweb service fails to validate the username and password, resulting in a buffer overflow. With a specially crafted username or password, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

References:

Vendor Specific Advisory URL
Security Tracker: 1018043
Secunia Advisory ID: 25202
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-028.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0163.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-05/0175.html
FrSIRT Advisory: ADV-2007-1750
CVE-2007-2522
CERT VU: 680616
Bugtraq ID: 23906