Intrusion Prevention

CA.License.Client.PUTOLF.Vuln

Description

This indicates a possible exploit of buffer-overflow and directory-traversal vulnerabilities in the Computer Associates License software.
The Computer Associates License Management software is designed to remotely manage and track licenses of CA products. A buffer overflow and a directory traversal vulnerability have been reported in it that may allow an attacker to execute arbitrary code on the vulnerable system. Both are due to the application's failure to sanitize the filename length and path in a PUTOLF request. To exploit the buffer overflow, an attacker may send a specially crafted PUTOLF request containing a filename of more than 256 characters, causing a buffer overflow and executing arbitrary code on the system. Similarly, an attacker may craft a name containing "../../.." in a PUTOLF request to write arbitrary files on the system.
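
The two checks the description says are missing (a length bound and a path check on the filename) can be sketched as follows. This is an added example, not CA's code or the signature's logic. The function names, the base directory and the use of 256 as the accepted maximum are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OLF_NAME_MAX 256 /* figure from the advisory; the real buffer size is an assumption */

/* Hypothetical validator: returns 1 if the filename field of a PUTOLF request
 * is a plain file name within the limit, 0 otherwise.
 * `len` is the length as received on the wire, not strlen(). */
int olf_name_ok(const char *name, size_t len)
{
    if (name == NULL || len == 0 || len > OLF_NAME_MAX)
        return 0;                       /* empty or oversized */
    if (memchr(name, '\0', len) != NULL)
        return 0;                       /* embedded NUL would hide the tail from later checks */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c == ':' || c < 0x20)
            return 0;                   /* no separators, drive letters or control bytes */
    }
    if ((len == 1 && name[0] == '.') ||
        (len == 2 && name[0] == '.' && name[1] == '.'))
        return 0;                       /* "." and ".." name directories, not files */
    return 1;
}

/* Hypothetical helper: joins a fixed base directory and a validated name.
 * Returns 0 on success, -1 if the name is rejected or the result does not fit. */
int olf_build_path(char *out, size_t outsz, const char *base,
                   const char *name, size_t len)
{
    if (!olf_name_ok(name, len))
        return -1;
    int n = snprintf(out, outsz, "%s/%.*s", base, (int)len, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                      /* truncated: refuse rather than use a partial path */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    const char *samples[] = { "product.olf", "../../../boot.ini", "..\\..\\x.olf" };
    char path[512];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = olf_build_path(path, sizeof path, "/var/lic",
                                samples[i], strlen(samples[i]));
        printf("%-20s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

Rejecting every separator makes the check independent of how the traversal sequence is spelled, and checking the `snprintf` return value keeps the length bound enforced even if the destination buffer is later resized.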

Affected Products

Computer Associates License 1.61.8 and earlier versions.

Impact

Full compromise of the affected system.

Recommended Actions

Upgrade to Computer Associates License 1.61.9 or a later version.

CVE References

CVE-2005-0583 CVE-2005-0582
