CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an update that resolves the vulnerability. The vulnerability occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.
129765a243cc9461d666229b218c140b7dd2b2170b92ae5385206f75be6ce569-----BEGIN PGP SIGNED MESSAGE-----
CA20110720-01: Security Notice for CA Gateway Security and Total
Defense
Issued: July 20, 2011
CA Technologies support is alerting customers to a security risk with
CA Gateway Security. A vulnerability exists that can allow a remote
attacker to execute arbitrary code. CA has issued an update that
resolves the vulnerability.
The vulnerability, CVE-2011-2667, occurs due to insufficient bounds
checking that can result in a memory overwrite on the heap. By
sending a malformed request, an attacker can overwrite a sensitive
portion of heap memory, which can potentially result in server
compromise.
Risk Rating
High
Platform
Windows
Affected Products
CA Gateway Security 8.1
CA Total Defense r12
Non-Affected Products
CA Gateway Security 9.0
How to determine if the installation is affected
- From the CA Gateway Security Management Console, select About to view
version information. If the version displayed is less than 8.1.0.69,
the installation is vulnerable.
Solution
Gateway Security r8.1:
Apply fix RO32642
Alternatively, update to Gateway Security 9.0 available from the CA
support site.
References
CVE-2011-2667 - Gateway Security memory corruption
CA20110720-01: Security Notice for CA Gateway Security and Total
Defense
(url line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5
E404992-6B58-4C44-A29D-027D05B6285D}
Acknowledgement
CVE-2011-2667 - Andrea Micalizzi via the TippingPoint ZDI
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies
Support at http://support.ca.com/
If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
(url line wraps)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782
Regards,
Kevin Kotas
CA Product Vulnerability Response Team
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQEVAwUBTicU8pI1FvIeMomJAQHDpQgAlZ5TqT9B+I4zd20wzh8GhajqGb8BIuxo
sCToQG5jq+kUX1QMnL+MVv4A0nR2o2P8cgxEhNtpEOyHnTeKvBuT//ALBpQgjYQ3
lMY3tRNrqEo1BAD9x/GqVp/xIBiaqkL80bt0BXmvxxhKblSX30mUA8D+v8P+DPrO
eR+VEB7feWQ9LaqjIeEa5t8P5/TxuA+XNv0EdWtU7OAFc/IzXiu91XF++I+UJs3V
l9Kvdj7x7JXyqZXc3943eUR/zqbxXO2/h/67Gj+N5ub1S4TBkPuoUMcPQ3o3l2WZ
75HcRT6AIHZ6shTbD20TCl1LUs4uKmJYc41kfbCEX3BsU12WbbV+zw==
=w+9B
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed