TechTarget

CA reports unpatched security flaw

Computer Associates has reported an unpatched flaw in its iGateway security software, which allows remote attackers to take over a system and execute arbitrary code.

Computer Associates has reported an unpatched flaw in its iGateway security software, which allows remote attackers to take over a system and execute arbitrary code.

CA says the vulnerability is due to improper bounds checking of HTTP GET requests by iGateway, when the debug mode is enabled.

Remote attackers can exploit this vulnerability to cause a buffer overflow and execute arbitrary code.

The vulnerability exists in versions of 3.0 and 4.0 of iGateway supplied before 23 June 2005.

IGateway is shipped with products such as BrightStor ARCserve 2000, BrightStor Enterprise Backup and BrightStor Portal. The debug mode is not enabled by default however.

CA has not provided a fix to the problem so far, but recommends that users do not use the debug mode. CA has judged the overall risk as “medium” with the impact being “critical”.

 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close