ID CVE-2005-0581
Summary Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
References
Vulnerable Configurations
  • cpe:2.3:a:ca:license_software:0.1.0.15:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 18-10-2016 - 03:12)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector LOCAL
  Complexity LOW
  Authentication NONE
Impact
  Confidentiality PARTIAL
  Integrity PARTIAL
  Availability PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20050302 License Patches Are Now Available To Address Buffer Overflows
confirm http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp
idefense
  • 20050302 Computer Associates License Client and Server Invalid Command Buffer Overflow
  • 20050302 Computer Associates License Client/Server GCR Checksum Buffer Overflow
  • 20050302 Computer Associates License Client/Server GCR Network Buffer Overflow
  • 20050302 Computer Associates License Client/Server GETCONFIG Buffer Overflow
saint via4
  • bid 12705
    description Computer Associates License Service GCR buffer overflow
    id misc_calicense
    osvdb 14389
    title ca_license_gcr
    type remote
  • bid 12705
    description Computer Associates License Service invalid command buffer overflow
    id misc_calicense
    osvdb 14389
    title ca_license_invalid_command
    type remote
  • bid 12705
    description Computer Associates License Service GETCONFIG buffer overflow
    id misc_calicense
    osvdb 14389
    title ca_license_getconfig
    type remote
Last major update 18-10-2016 - 03:12
Published 02-05-2005 - 04:00
Last modified 18-10-2016 - 03:12