Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: CA iGateway debug mode HTTP GET request bo vulnerability/exploit SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
CA iGateway debug mode HTTP GET request bo vulnerability/exploit
Computer Associates has an announcement concerning an "iGateway debug mode HTTP GET request buffer overflow vulnerability" that says "Remote attackers can execute arbitrary code." Exploit code is publicly available. Their is no patch available at this moment, the recommended workaround is "do not run iGateway in debug mode." Computer Associates announcement references CA iGateway 3.0, and CA iGateway 4.0.
Patrick

193 Posts
Oct 11th 2005

Sign Up for Free or Log In to start participating in the conversation!