| VID |
23109 |
| Severity |
40 |
| Port |
10203,10204 |
| Protocol |
TCP |
| Class |
Daemon |
| Detailed Description |
The CA License Application, according to its version number, has multiple vulnerabilities. Computer Associates' License Server and License Client versions 1.53 through 1.61.8 contain various buffer overflow vulnerabilities in the client and server and a directory traversal vulnerability in the client. A remote attacker could execute arbitrary code and create arbitrary files in arbitrary locations on a vulnerable computer, with SYSTEM privileges on Microsoft Windows platforms and superuser privileges on UNIX platforms.
* Note: This check relies solely on the version number of the remote Computer Associates License Application to assess this vulnerability, so the result might be a false positive.
* References: http://www.eeye.com/html/research/advisories/AD20050302.html http://secunia.com/advisories/14438/ http://www.idefense.com/application/poi/display?id=212&type=vulnerabilities http://www.ciac.org/ciac/bulletins/p-150.shtml
* Platforms Affected: Computer Associates: License Client 1.53 to 1.61.8; any operating system, any version |
| Recommendation |
Upgrade to the latest version of CA License (1.61.9 or later), as listed in the CA License Security Notice at http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp
-- OR --
Apply the patch for this vulnerability, available from the Computer Associates SupportConnect Web page at http://supportconnectw.ca.com/public/reglic/downloads/licensepatch.asp#alp |
| Related URL |
CVE-2005-0581,CVE-2005-0582,CVE-2005-0583 (CVE) |
| Related URL |
12705 (SecurityFocus) |
| Related URL |
19554,19558,19560,19561,19562,19563 (ISS) |