Computer Associates License Application Multiple Vulnerabilities
BID:12705
Info
Computer Associates License Application Multiple Vulnerabilities
| Bugtraq ID: | 12705 |
| Class: | Unknown |
| CVE: |
CVE-2005-0581 CVE-2005-0582 CVE-2005-0583 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Greg MacManus discovered the directory traversal and some of the buffer overflow vulnerabilities. Discovery of several of the memory corruption issues is credited to Barnaby Jack. An anonymous researcher is credited with the discovery of the other issues. |
| Vulnerable: |
Computer Associates License 1.61.8 Computer Associates License 1.61.2 Computer Associates License 1.61.1 Computer Associates License 1.61 Computer Associates License 1.60.3 Computer Associates License 1.60.2 Computer Associates License 1.60 Computer Associates License 1.57 Computer Associates License 1.56 Computer Associates License 1.55 Computer Associates License 1.54 Computer Associates License 1.53 Computer Associates License 1.0.15 |
| Not Vulnerable: |
Computer Associates License 1.61.9 |
Discussion
Computer Associates License Application Multiple Vulnerabilities
Computer Associates License client and server applications are reported prone to multiple vulnerabilities. These issues include various buffer overflow vulnerabilities in the client and server and a directory traversal vulnerability in the client. A remote attacker may execute arbitrary code and place files in arbitrary locations on a vulnerable computer.
It should be noted that the affected application runs with SYSTEM privileges on Microsoft Windows Platforms and superuser privileges on UNIX platforms; this will allow for a complete compromise of the affected computer.
**Update: Additional vulnerabilities are reported to affect the 'LIC98RMT.EXE' component of the Computer Associates License application.
Computer Associates License application versions 1.53 to 1.61.8 on all supported platforms are affected by these vulnerabilities.
Computer Associates License client and server applications are reported prone to multiple vulnerabilities. These issues include various buffer overflow vulnerabilities in the client and server and a directory traversal vulnerability in the client. A remote attacker may execute arbitrary code and place files in arbitrary locations on a vulnerable computer.
It should be noted that the affected application runs with SYSTEM privileges on Microsoft Windows Platforms and superuser privileges on UNIX platforms; this will allow for a complete compromise of the affected computer.
**Update: Additional vulnerabilities are reported to affect the 'LIC98RMT.EXE' component of the Computer Associates License application.
Computer Associates License application versions 1.53 to 1.61.8 on all supported platforms are affected by these vulnerabilities.
Exploit / POC
Computer Associates License Application Multiple Vulnerabilities
The directory traversal vulnerability does not require an exploit.
Two exploits (calicserv_getconfig.pm and calicclnt_getconfig.pm) as part of the Metasploit Framework have been released. These exploits target the GETCONFIG request buffer overflow vulnerability in the client and server.
The exploit 'CALicenseBOExplClass101.cpp' has been released for the buffer overflow in the client application.
The directory traversal vulnerability does not require an exploit.
Two exploits (calicserv_getconfig.pm and calicclnt_getconfig.pm) as part of the Metasploit Framework have been released. These exploits target the GETCONFIG request buffer overflow vulnerability in the client and server.
The exploit 'CALicenseBOExplClass101.cpp' has been released for the buffer overflow in the client application.
Solution / Fix
Computer Associates License Application Multiple Vulnerabilities
Solution:
The vendor has released License version 1.61.9 to address these issues on supported platforms. Customers may follow the instructions provided at the following location to determine if they are using an affected version:
http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp
It should be noted that users that had previously implemented any of the affected Computer Associates applications, including evaluation versions, may be vulnerable as well. It is recommended that such users implement eEye's free vulnerability scanner to verify if they are vulnerable. The scanner can be found at the following URI:
http://www.eeye.com/html/resources/downloads/audits/index.html
Computer Associates License 1.0.15
Computer Associates License 1.53
Computer Associates License 1.61.8
Solution:
The vendor has released License version 1.61.9 to address these issues on supported platforms. Customers may follow the instructions provided at the following location to determine if they are using an affected version:
http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp
It should be noted that users that had previously implemented any of the affected Computer Associates applications, including evaluation versions, may be vulnerable as well. It is recommended that such users implement eEye's free vulnerability scanner to verify if they are vulnerable. The scanner can be found at the following URI:
http://www.eeye.com/html/resources/downloads/audits/index.html
Computer Associates License 1.0.15
-
Computer Associates Lisence 1.61.9
http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp #alp
Computer Associates License 1.53
-
Computer Associates Dgi86.tar
CA License Update for Data General i86 (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/Dgi86.tar -
Computer Associates Dynix.tar
CA License Update for Dynix (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/Dynix.tar -
Computer Associates eelic-instrvms.asp
CA License Update for OpenVMS
http://supportconnectw.ca.com/public/unicenter/infodocs/license_update /eelic-instrvms.asp -
Computer Associates lic98.tar
CA License Update for Data General 88K (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/lic98.tar -
Computer Associates lic98.tar
CA License Update for Fujitsu (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/lic98.tar -
Computer Associates lic98_aix.tar.Z
CA License Update for AIX
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_aix.t ar.Z -
Computer Associates lic98_DEC.tar.Z
CA License Update for DEC
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_DEC.t ar.Z -
Computer Associates lic98_HP.tar.Z
CA License Update for HP-UX
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_HP.ta r.Z -
Computer Associates lic98_linux390.tar
CA License Update for Linux
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_linux 390.tar -
Computer Associates lic98_linuxIntel.tar
CA License Update for Linux
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_linux Intel.tar -
Computer Associates lic98_mac.tar.Z
CA License Update for MAC (OSX)
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_mac.t ar.Z -
Computer Associates lic98_solaris.tar.Z
CA License Update for Solaris
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_solar is.tar.Z -
Computer Associates lic98_solarisIntel.tar.Z
CA License Update for Solaris
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_solar isIntel.tar.Z -
Computer Associates Lisence 1.61.9
http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp #alp -
Computer Associates NCR.tar
CA License Update for NCR (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/NCR.tar -
Computer Associates NSK.CAZ
CA License Update for Compaq Non-stop Kernel
ftp://ftp.ca.com/pub/unicenter/tng_license_update/NSK.CAZ -
Computer Associates SCO_Openserver.tar
CA License Update for UNIX
ftp://ftp.ca.com/pub/unicenter/tng_license_update/SCO_Openserver.tar -
Computer Associates SGI_6.2.tar
CA License Update for SGI 6.2 (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/SGI_6.2.tar -
Computer Associates SGI_6.5.tar
CA License Update for SGI 6.5 (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/SGI_6.5.tar -
Computer Associates Sinix.tar
CA License Update for Sinix (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/Sinix.tar -
Computer Associates UWARE_2.x.tar
CA License Update for UnixWare 2.x (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/UWARE_2.x.tar -
Computer Associates UWARE_7.x.tar
CA License Update for UnixWare 7.x (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/UWARE_7.x.tar -
Computer Associates CALIC110-20010329Z.ZIP
CA License Update for OpenVMS
ftp://ftp.ca.com/pub/unicenter/tng_license_update/CALIC110-20010329Z.Z IP -
Computer Associates lic98_win_eng_1-61-9.zip
CA License Update for Windows
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_win_e ng_1-61-9.zip
Computer Associates License 1.61.8
-
Computer Associates Dgi86.tar
CA License Update for Data General i86 (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/Dgi86.tar -
Computer Associates Dynix.tar
CA License Update for Dynix (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/Dynix.tar -
Computer Associates eelic-instrvms.asp
CA License Update for OpenVMS
http://supportconnectw.ca.com/public/unicenter/infodocs/license_update /eelic-instrvms.asp -
Computer Associates lic98.tar
CA License Update for Data General 88K (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/lic98.tar -
Computer Associates lic98.tar
CA License Update for Fujitsu (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/lic98.tar -
Computer Associates lic98_aix.tar.Z
CA License Update for AIX
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_aix.t ar.Z -
Computer Associates lic98_DEC.tar.Z
CA License Update for DEC
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_DEC.t ar.Z -
Computer Associates lic98_HP.tar.Z
CA License Update for HP-UX
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_HP.ta r.Z -
Computer Associates lic98_linux390.tar
CA License Update for Linux
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_linux 390.tar -
Computer Associates lic98_linuxIntel.tar
CA License Update for Linux
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_linux Intel.tar -
Computer Associates lic98_mac.tar.Z
CA License Update for MAC (OSX)
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_mac.t ar.Z -
Computer Associates lic98_solaris.tar.Z
CA License Update for Solaris
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_solar is.tar.Z -
Computer Associates lic98_solarisIntel.tar.Z
CA License Update for Solaris
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_solar isIntel.tar.Z -
Computer Associates Lisence 1.61.9
http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp #alp -
Computer Associates NCR.tar
CA License Update for NCR (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/NCR.tar -
Computer Associates NSK.CAZ
CA License Update for Compaq Non-stop Kernel
ftp://ftp.ca.com/pub/unicenter/tng_license_update/NSK.CAZ -
Computer Associates SCO_Openserver.tar
CA License Update for UNIX
ftp://ftp.ca.com/pub/unicenter/tng_license_update/SCO_Openserver.tar -
Computer Associates SGI_6.2.tar
CA License Update for SGI 6.2 (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/SGI_6.2.tar -
Computer Associates SGI_6.5.tar
CA License Update for SGI 6.5 (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/SGI_6.5.tar -
Computer Associates Sinix.tar
CA License Update for Sinix (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/Sinix.tar -
Computer Associates UWARE_2.x.tar
CA License Update for UnixWare 2.x (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/UWARE_2.x.tar -
Computer Associates UWARE_7.x.tar
CA License Update for UnixWare 7.x (UNIX)
ftp://ftp.ca.com/pub/unicenter/tng_license_update/UWARE_7.x.tar -
Computer Associates CALIC110-20010329Z.ZIP
CA License Update for OpenVMS
ftp://ftp.ca.com/pub/unicenter/tng_license_update/CALIC110-20010329Z.Z IP -
Computer Associates lic98_win_eng_1-61-9.zip
CA License Update for Windows
ftp://ftp.ca.com/CAproducts/License98/LicenseIT/lic98_v161/lic98_win_e ng_1-61-9.zip
References
Computer Associates License Application Multiple Vulnerabilities
References:
References:
- Computer Associates License software multiple buffer overflow vulnerabilities (Computer Associates)
- License Patches Are Now Available To Address Buffer Overflows (Computer Associates)
- Computer Associates License Client and Server Invalid Command Buffer Overflow ("iDEFENSE Labs"
- Computer Associates License Client PUTOLF Buffer Overflow ("iDEFENSE Labs"
- Computer Associates License Client PUTOLF Directory Traversal ("iDEFENSE Labs"
- Computer Associates License Client/Server GCR Checksum Buffer Overflow ("iDEFENSE Labs"
- Computer Associates License Client/Server GCR Network Buffer Overflow ("iDEFENSE Labs"
- Computer Associates License Client/Server GETCONFIG Buffer Overflow ("iDEFENSE Labs"
- EEYE: Computer Associates License Manager Remote Vulnerabilities ("Karl Lynn"