CVE-2005-3653
CVSS 10.0
Published: 2005-12-31 00:00:00
Last revised: 2016-10-17 23:36:42

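[Original] Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.


[CNNVD] CA iTechnology iGateway Service Negative Content-Length Field Value Buffer Overflow Vulnerability (CNNVD-200512-713)

        iTechnology is an integration technology that provides a standard web service interface for third-party products.
        iTechnology has a heap overflow vulnerability in its handling of HTTP request headers, which a remote attacker may exploit to execute arbitrary instructions on the host. The iGateway service listens on port 5250 for standard HTTP or SSL traffic. The service does not correctly handle a negative HTTP Content-Length field. iGateway parses the Content-Length field value of the HTTP request and uses that value directly in a malloc() heap allocation call, so if a negative value is supplied, the allocation call returns a very small buffer. After the malloc() call, the memcpy of the supplied URI into the allocated buffer overwrites the heap. A remote attacker can send a request with a very large URI and a negative Content-Length field to corrupt the heap, leading to the execution of arbitrary instructions.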
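
An added example, not code from the advisories or from CA: one way a server can avoid the pattern described above is to parse Content-Length as an unsigned, bounded value and to size the URI buffer from the URI's own length. The function names and the limits `MAX_BODY` and `MAX_URI` are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY (1u << 20) /* assumed policy limit on request bodies */
#define MAX_URI  2048u      /* assumed policy limit on URI length */

/* Strict Content-Length parse: digits only, so "-1" and "+5" are rejected
 * before any conversion. Returns 0 and sets *out on success, -1 otherwise. */
int parse_content_length(const char *s, size_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || !isdigit((unsigned char)*s))
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    while (*end == ' ' || *end == '\t')   /* tolerate trailing whitespace */
        end++;
    if (errno == ERANGE || *end != '\0' || v > MAX_BODY)
        return -1;
    *out = (size_t)v;
    return 0;
}

/* The URI buffer is sized from the URI's own length, never from a header. */
char *copy_uri(const char *uri, size_t uri_len)
{
    char *buf;

    if (uri == NULL || uri_len > MAX_URI)
        return NULL;
    buf = malloc(uri_len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, uri, uri_len);
    buf[uri_len] = '\0';
    return buf;
}

int main(void)
{
    size_t n = 0;
    printf("\"-1\"   -> %d\n", parse_content_length("-1", &n));
    printf("\"1024\" -> %d\n", parse_content_length("1024", &n));
    return 0;
}
```

A request whose Content-Length fails the parse, or whose URI exceeds the limit, should be rejected before any allocation or copy takes place.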

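- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (weakness category)

CWE-119 [Improper Restriction of Operations within the Bounds of a Memory Buffer]

- CPE (affected platforms and products)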

cpe:/a:ca:etrust_audit_irecorder:8.0  Computer Associates eTrust Audit iRecorders 8.0
cpe:/a:ca:itechnology_igateway:4.0.050615  Computer Associates iTechnology iGateway 4.0.050615
cpe:/a:ca:brightstor_arcserve_backup:11.5  Computer Associates BrightStor ARCserve Backup 11.5
cpe:/a:ca:brightstor_arcserve_backup:11.1  Computer Associates BrightStor ARCserve Backup 11.1
cpe:/a:ca:brightstor_enterprise_backup:10.0::solaris
cpe:/a:ca:unicenter_service_fulfillment:2.2  Computer Associates Unicenter Service Fulfillment 2.2
cpe:/a:ca:brightstor_enterprise_backup:10.5::solaris
cpe:/a:ca:unicenter_service_fulfillment:11.0
cpe:/a:ca:etrust_audit_aries:1.5:sp2
cpe:/a:ca:etrust_audit_aries:1.5:sp3
cpe:/a:ca:brightstor_portal:11.1  Computer Associates BrightStor Portal 11.1
cpe:/a:ca:brightstor_arcserve_backup:11::windows
cpe:/a:ca:unicenter_service_metric_analysis:11.0  Computer Associates Unicenter Service Metric Analysis 11.0
cpe:/a:ca:unicenter_service_delivery:11.0  Computer Associates Unicenter Service Delivery 11.0
cpe:/a:ca:unicenter_web_services_distributed_management:11.0  Computer Associates Unicenter Web Services Distributed Management 11.0
cpe:/a:ca:unicenter_management:3.5::websphere_mq
cpe:/a:ca:brightstor_enterprise_backup:10.5::tru64
cpe:/a:ca:unicenter_service_catalog_fulfillment_accounting:11.0
cpe:/a:ca:brightstor_storage_resource_manager:11.5  Computer Associates BrightStor Storage Resource Manager 11.5
cpe:/a:ca:unicenter_application_server_managment:11.0
cpe:/a:ca:brightstor_arcserve_backup:9.01  Computer Associates BrightStor ARCserve Backup 9.01
cpe:/a:ca:brightstor_storage_resource_manager:11.1  Computer Associates BrightStor Storage Resource Manager 11.1
cpe:/a:ca:etrust_audit_irecorder:1.5:sp3  Computer Associates eTrust Audit iRecorders 1.5 SP3
cpe:/a:ca:unicenter_service_level_management:11.0
cpe:/a:ca:etrust_identity_minder:8.0  Computer Associates eTrust Identity Minder 8.0
cpe:/a:ca:unicenter_exchange_management_console:11.0
cpe:/a:ca:brightstor_storage_resource_manager:6.3  Computer Associates BrightStor Storage Resource Manager 6.3
cpe:/a:ca:unicenter_management:11.0::weblogic
cpe:/a:ca:etrust_audit_irecorder:1.5:sp2  Computer Associates eTrust Audit iRecorders 1.5 SP2
cpe:/a:ca:unicenter_application_performance_monitor:11.0
cpe:/a:ca:brightstor_storage_resource_manager:6.4  Computer Associates BrightStor Storage Resource Manager 6.4
cpe:/a:ca:unicenter_autosys_jm:11.0  Computer Associates Unicenter AutoSys JM 11.0
cpe:/a:ca:unicenter_web_server_management:11.0
cpe:/a:ca:unicenter_service_desk_knowledge_tools:11.0  Computer Associates Unicenter Service Desk Knowledge Tools 11.0
cpe:/a:ca:etrust_audit_aries:8.0  Computer Associates eTrust Audit ARIES 8.0
cpe:/a:ca:brightstor_process_automation_manager:11.1  Computer Associates BrightStor Process Automation Manager 11.1
cpe:/a:ca:etrust_integrated_threat_management:8.0  Computer Associates eTrust Integrated Threat Management 8.0
cpe:/a:ca:unicenter_management:11.0::websphere
cpe:/a:ca:etrust_directory:8.1_web_components
cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.0  Computer Associates BrightStor ARCserve Backup Laptops_Desktops 11.0
cpe:/a:ca:brightstor_san_manager:11.5  Computer Associates BrightStor SAN Manager 11.5
cpe:/a:ca:unicenter_ca_web_services_distributed_management:11.0
cpe:/a:ca:brightstor_arcserve_backup_laptops_desktops:11.1  Computer Associates BrightStor ARCserve Backup Laptops_Desktops 11.1
cpe:/a:ca:brightstor_san_manager:11.1  Computer Associates BrightStor SAN Manager 11.1
cpe:/a:ca:unicenter_asset_portfolio_management:11.0  Computer Associates Unicenter Asset Portfolio Management 11.0
cpe:/a:ca:unicenter_service_desk:11.0  Computer Associates Unicenter Service Desk 11.0
cpe:/a:ca:etrust_secure_content_manager:8.0  Computer Associates eTrust Secure Content Manager 8.0
cpe:/a:ca:brightstor_enterprise_backup:10.5::windows_64-bit
cpe:/a:ca:etrust_admin:8.1  Computer Associates eTrust Admin 8.1

- OVAL (technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3653
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3653
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-713
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=full-disclosure&m=113803349715927&w=2
(UNKNOWN)  FULLDISC  20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability
http://securityreason.com/securityalert/380
(UNKNOWN)  SREASON  380
http://securitytracker.com/id?1015526
(PATCH)  SECTRACK  1015526
http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
(VENDOR_ADVISORY)  CONFIRM  http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
(VENDOR_ADVISORY)  IDEFENSE  20060123 Computer Associates iTechnology iGateway Service Content-Length Buffer Overflow
http://www.securityfocus.com/archive/1/archive/1/423288/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060127 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability [v1.1]
http://www.securityfocus.com/archive/1/archive/1/423403/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060123 CAID 33778 - CA iGateway Content-Length Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/16354
(PATCH)  BID  16354
http://www.vupen.com/english/advisories/2006/0311
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0311
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
(UNKNOWN)  CONFIRM  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
http://xforce.iss.net/xforce/xfdb/24269
(PATCH)  XF  ca-igateway-contentlength-bo(24269)

- Vulnerability information

CA iTechnology iGateway Service Negative Content-Length Field Value Buffer Overflow Vulnerability
Critical  Buffer overflow
2005-12-31 00:00:00 2006-06-05 00:00:00
Remote

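- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        ftp://ftp.ca.com/pub/iTech/downloads

- Vulnerability information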

22688
CA iGateway Service Content-Length Overflow
Remote / Network Access Input Manipulation
Loss of Integrity, Loss of Availability
Vendor Verified

- Vulnerability description

A remote overflow exists in iGateway. The web server fails to properly validate the Content-Length header, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed, resulting in a loss of integrity and/or availability.

- Timeline

2006-01-23 Unknown
Unknown 2006-01-23

- Solution

Upgrade to version 4.0.051230 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Computer Associates iTechnology iGateway Service Content-Length Heap Overflow Vulnerability
Boundary Condition Error 16354
Yes No
2006-01-23 12:00:00 2007-06-27 07:38:00
Discovered by Erika Mendoza.

- Affected program versions

Computer Associates Unicenter Web Server Management 11.0
Computer Associates Unicenter Service Matrix Analysis 11.0
Computer Associates Unicenter Service Level Management 11.0
Computer Associates Unicenter Service Fulfillment 11.0
Computer Associates Unicenter Service Fulfillment 2.2
Computer Associates Unicenter Service Desk Knowledge Tools 11.0
Computer Associates Unicenter Service Desk 11.0
Computer Associates Unicenter Service Delivery 11.0
Computer Associates Unicenter Service Catalog/Fulfillment/Accounting 11.0
Computer Associates Unicenter MQ Management 11.0
Computer Associates Unicenter Management for WebSphere 11.0
Computer Associates Unicenter Management for WebLogic 11.0
Computer Associates Unicenter Exchange Management 11.0
Computer Associates Unicenter CA Web Services Distributed Management 11.0
Computer Associates Unicenter AutoSys JM 11.0
Computer Associates Unicenter Asset Portfolio Management 11.0
Computer Associates Unicenter Application Server Managment 11.0
Computer Associates Unicenter Application Performance Monitor 11.0
Computer Associates eTrust Secure Content Manager 8.0
Computer Associates eTrust Integrated Threat Management 8.0
Computer Associates eTrust Identity Minder 8.0
Computer Associates eTrust Directory 8.1
Computer Associates eTrust Audit iRecorders 8.0
Computer Associates eTrust Audit iRecorders 1.5 SP3
Computer Associates eTrust Audit iRecorders 1.5 SP2
Computer Associates eTrust Audit ARIES 8.0
Computer Associates eTrust Audit ARIES 1.5 SP3
Computer Associates eTrust Audit ARIES 1.5 SP2
Computer Associates eTrust Admin 8.1
Computer Associates BrightStor SRM 11.5
Computer Associates BrightStor SRM 11.1
Computer Associates BrightStor SRM 6.4
Computer Associates BrightStor SRM 6.3
Computer Associates BrightStor SAN Manager 11.5
Computer Associates BrightStor SAN Manager 11.1
Computer Associates BrightStor Process Automation Manager 11.1
Computer Associates BrightStor Portal 11.1
Computer Associates BrightStor Enterprise Backup for Windows 64 bit 10.5
Computer Associates BrightStor Enterprise Backup for Tru64 10.5
Computer Associates BrightStor Enterprise Backup for Solaris 10.5
Computer Associates BrightStor Enterprise Backup for Solaris 10.0
Computer Associates BrightStor ARCServe Backup for Windows 11.0
Computer Associates BrightStor ARCServe Backup 11.5
Computer Associates BrightStor ARCServe Backup 11.1
Computer Associates BrightStor ARCServe Backup 9.01
Computer Associates ARCserve Backup for Laptops and Desktops 11.1
Computer Associates ARCserve Backup for Laptops and Desktops 11.0

- Vulnerability discussion

The iGateway component of various Computer Associates products allows remote attackers to execute arbitrary code by exploiting a heap-overflow vulnerability.

The attacker can trigger the vulnerability by supplying a negative HTTP Content-Length value and a large URI to the service.

A successful attack can result in corrupting process memory and the execution of arbitrary code with SYSTEM privileges on Windows platforms. The vendor has reported that this issue triggers only a denial-of-service condition on other platforms.

Products containing iGateway 4.0.051230 are vulnerable to this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The current version of iGateway 4.0.051230 is not vulnerable to this issue. Fixes are available from the following location:

ftp://ftp.ca.com/pub/iTech/downloads/

Please see Computer Associates advisory CAID 33778 in references for more information.

- Related references
