Intrusion Prevention

CA.iGateway.HTTP.Request.Remote.Buffer.Overflow

Description

This indicates a possible attempt to exploit a buffer overflow vulnerability in Computer Associates BrightStor products and iGateway.
The iGateway component fails to properly handle specially crafted HTTP GET requests. When debug mode is enabled (which is not the system default), a remote or local attacker who sends such requests to port 5250 could overflow a buffer and execute arbitrary code on the target system.

Affected Products

Computer Associates BrightStor ARCserve Backup versions 9.x and 11.x
BrightStor Enterprise Backup versions 10.x
BrightStor Portal versions 11.x
BrightStor ARCserve 2000
iGateway versions 3.0 and 4.0

Impact

System compromise: remote code execution.

Recommended Actions

An update to Computer Associates advisory CAID 33485 is available with fixes for this issue.

CVE References

CVE-2005-3190