Intrusion Prevention

CA.License.Manager.Long.Command

Description

This is an attempt to exploit a vulnerability in the Computer Associates License Management software.
The Computer Associates License Management software has multiple stack-based vulnerabilities resulting from incorrect handling of incoming text strings by the "LIC98RMT.EXE" component. This executable listens on TCP ports 10203 and 10204. Successful exploitation of these vulnerabilities will allow a remote attacker to execute code within the SYSTEM context.

Affected Products

CA License software versions v1.53 through v1.61.8.

Impact

System compromise, remote code execution.

Recommended Actions

Apply the patch according to the vendor advisory:
http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp#alp

CVE References

CVE-2005-0582