Juniper Networks

Signature Detail

  • Short Name: HTTP:CA-XOSOFT-XOSOAP
  • Severity: High
  • Recommended: No
  • Recommended Action: Drop
  • Category: HTTP
  • Keywords: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow
  • Release Date: 2010/10/25
  • Update Number: 1798
  • Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Computer Associates XOsoft xosoapapi.asmx Buffer Overflow


This signature detects attempts to exploit a known buffer overflow vulnerability in multiple CA XOsoft products. The vulnerability is due to insufficient boundary checking when handling certain HTTP requests sent to the ws_man.exe process. A remote unauthenticated attacker can exploit it by sending a malicious HTTP request to a target server. In a successful attack, arbitrary code is injected and executed on the vulnerable target host, and the behavior of the target system depends on the malicious code. Any code executed by the attacker runs with the privileges of the service. In an unsuccessful attack, the application can terminate abnormally.

Extended Description

Computer Associates XOsoft is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Affected Products

  • Computer Associates XOsoft Content Distribution r12
  • Computer Associates XOsoft Content Distribution r12.5
  • Computer Associates XOsoft High Availability r12
  • Computer Associates XOsoft High Availability r12.5
  • Computer Associates XOsoft Replication r12
  • Computer Associates XOsoft Replication r12.5

References

  • BugTraq: 39238
  • CVE: CVE-2010-1223

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.