Juniper Networks
Signature Detail

Short Name

APP:CA:LIC-GETCONFIG-OF-CLT

Severity

Critical

Recommended

No

Recommended Action

Drop

Category

APP

Keywords

Computer Associates License Software GETCONFIG Buffer Overflow (Client)

Release Date

2005/03/07

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Computer Associates License Software GETCONFIG Buffer Overflow (Client)


This signature detects attempts to exploit a known vulnerability in Computer Associates License software, a license management tool used to register and manage product licenses on a computer network. Attackers can send a maliciously crafted message to overflow the buffer and execute code on a target system with system- or root-level privileges.

Extended Description

Computer Associates License client and server applications are reported prone to multiple vulnerabilities. These issues include various buffer overflow vulnerabilities in the client and server and a directory traversal vulnerability in the client. A remote attacker may execute arbitrary code and place files in arbitrary locations on a vulnerable computer. It should be noted that the affected application runs with SYSTEM privileges on Microsoft Windows platforms and superuser privileges on UNIX platforms; this will allow for a complete compromise of the affected computer.

Update: Additional vulnerabilities are reported to affect the 'LIC98RMT.EXE' component of the Computer Associates License application. Computer Associates License application versions 1.53 to 1.61.8 on all supported platforms are affected by these vulnerabilities.

Affected Products

  • Computer Associates License 1.0.15
  • Computer Associates License 1.53.0
  • Computer Associates License 1.54.0
  • Computer Associates License 1.55.0
  • Computer Associates License 1.56.0
  • Computer Associates License 1.57.0
  • Computer Associates License 1.60.0
  • Computer Associates License 1.60.2
  • Computer Associates License 1.60.3
  • Computer Associates License 1.61.0
  • Computer Associates License 1.61.1
  • Computer Associates License 1.61.2
  • Computer Associates License 1.61.8

References

  • BugTraq: 12705
  • CVE: CVE-2005-0581
  • URL: http://www.k-otik.com/exploits/20050303.calicserv_getconfig.pm.php
  • URL: http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.