Computer Associates Multiple Product HTTP Request Remote Buffer Overflow Vulnerability

Multiple Computer Associates products are susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the affected products to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue exists in the iTechnology iGateway component that is included in multiple Computer Associates products.

Versions 1.x, 2.x, and the current 4.x versions of the iGateway component are not affected by this issue. Version 3.0.040107 and earlier 3.x versions are affected. This issue is only exploitable if the non-default components are installed, the 'igateway.conf' configuration file has debugging enabled, and the service is then manually restarted.

This issue allows remote attackers to execute arbitrary machine code in the context of affected applications.


Privacy Statement
Copyright 2010, SecurityFocus