Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
BID:9863
Info
Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
| Bugtraq ID: | 9863 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 12 2004 12:00AM |
| Updated: | Mar 12 2004 12:00AM |
| Credit: | Discovery of these vulnerabilities has been credited to Dave Aitel <[email protected]>. |
| Vulnerable: |
Computer Associates Unicenter TNG 2.4.2 Computer Associates Unicenter TNG 2.4 |
| Not Vulnerable: |
Computer Associates Unicenter TNG 2.5 |
Discussion
Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
Several Computer Associates Unicenter TNG utilities have been reported to be prone to multiple remote buffer overflow vulnerabilities. These vulnerabilities likely exist due to a lack of sufficient boundary checks performed on user-supplied data.
It has been reported that these issues are exploitable remotely without prior authentication to potentially have arbitrary code executed with SYSTEM privileges on a vulnerable host.
Several Computer Associates Unicenter TNG utilities have been reported to be prone to multiple remote buffer overflow vulnerabilities. These vulnerabilities likely exist due to a lack of sufficient boundary checks performed on user-supplied data.
It has been reported that these issues are exploitable remotely without prior authentication to potentially have arbitrary code executed with SYSTEM privileges on a vulnerable host.
Exploit / POC
Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
The discoverer of these vulnerabilities has developed an exploit. This exploit is not believed to be in public circulation.
The discoverer of these vulnerabilities has developed an exploit. This exploit is not believed to be in public circulation.
Solution / Fix
Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
Solution:
It has been reported that these vulnerabilities have been addressed in Computer Associates Unicenter TNG version 2.5. Customers are advised to contact the vendor regarding obtaining updates.
Solution:
It has been reported that these vulnerabilities have been addressed in Computer Associates Unicenter TNG version 2.5. Customers are advised to contact the vendor regarding obtaining updates.
References
Computer Associates Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities
References:
References: