CA.License.Client.PUTOLF.Vuln
Description
This indicates a possible attempt to exploit a buffer overflow and directory traversal vulnerability in the Computer Associates License software.
The Computer Associates License Management software is designed to remotely manage and track licenses of CA products. A buffer overflow and a directory traversal vulnerability have been reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. Both result from the application's failure to validate the filename length and path in a PUTOLF request. An attacker may send a specially crafted PUTOLF request containing a filename of more than 256 characters to cause a buffer overflow and execute arbitrary code on the system. Similarly, an attacker may supply a name containing "../../.." in a PUTOLF request to write arbitrary files on the system.
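The two missing checks described above, shown as an added C example that is not CA's code and not part of the original advisory. It assumes the filename has already been extracted from the request together with its received length, and it takes the 256-character limit from the text; the `olf_*` names and the sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 256 is the length threshold quoted in the description; the
   product's real buffer size and request layout are not given on the page. */
#define OLF_NAME_MAX 256

enum olf_status { OLF_OK = 0, OLF_EMPTY, OLF_TOO_LONG, OLF_BAD_CHAR, OLF_TRAVERSAL };

/* Validate a filename taken from a request. `len` is the number of bytes
   actually received, so the check never relies on a terminating NUL. */
enum olf_status olf_check_name(const char *name, size_t len)
{
    if (len == 0) return OLF_EMPTY;
    if (len > OLF_NAME_MAX) return OLF_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f)              /* embedded NUL or control byte */
            return OLF_BAD_CHAR;
        if (c == '/' || c == '\\' || c == ':')  /* separator or drive prefix */
            return OLF_TRAVERSAL;
    }
    /* With separators rejected, only a bare "." or ".." can still escape. */
    if ((len == 1 && name[0] == '.') || (len == 2 && name[0] == '.' && name[1] == '.'))
        return OLF_TRAVERSAL;
    return OLF_OK;
}

/* Copy into a fixed buffer only after validation; dst_size includes the NUL. */
enum olf_status olf_store_name(char *dst, size_t dst_size, const char *name, size_t len)
{
    enum olf_status st = olf_check_name(name, len);
    if (st != OLF_OK) return st;
    if (len + 1 > dst_size) return OLF_TOO_LONG;
    memcpy(dst, name, len);
    dst[len] = '\0';
    return OLF_OK;
}

int main(void)
{
    char buf[OLF_NAME_MAX + 1];
    const char *samples[] = { "ca.olf", "../../../x" };  /* constructed inputs */
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %d\n", samples[i],
               (int)olf_store_name(buf, sizeof buf, samples[i], strlen(samples[i])));
    return 0;
}
```

The name is treated as a single path component, so the destination directory is chosen by the server and never by the request.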
Affected Products
Computer Associates License 1.61.8 and earlier versions.
Impact
Full compromise of the affected system.
Recommended Actions
Upgrade to Computer Associates License 1.61.9 or a later version.
Coverage
IPS (Regular DB)
IPS (Extended DB)